hapi-auth-jwt
Advanced tools
hapi JSON Web Token (JWT) authentication plugin
JSON Web Token authentication requires verifying a signed token. The 'jwt' scheme takes the following options:
key - (required) The private key the token was signed with.validateFunc - (optional) validation and user lookup function with the signature function(request, token, callback) where:
request - is the hapi request object of the request which is being authenticated.token - the verified and decoded jwt tokencallback - a callback function with the signature function(err, isValid, credentials) where:
err - an internal error.isValid - true if the token was valid otherwise false.credentials - a credentials object passed back to the application in request.auth.credentials. Typically, credentials are only
included when isValid is true, but there are cases when the application needs to know who tried to authenticate even when it fails
(e.g. with authentication mode 'try').verifyOptions - settings to define how tokens are verified by the jsonwebtoken library
algorithms: List of strings with the names of the allowed algorithms. For instance, ["HS256", "HS384"].audience: if you want to check audience (aud), provide a value hereissuer: if you want to check issuer (iss), provide a value hereignoreExpiration: if true do not validate the expiration of the token.maxAge: optional sets an expiration based on the iat field. Eg 2hSee the example folder for an executable example.
var Hapi = require('hapi'),
jwt = require('jsonwebtoken'),
server = new Hapi.Server();
server.connection({ port: 8080 });
var accounts = {
123: {
id: 123,
user: 'john',
fullName: 'John Doe',
scope: ['a', 'b']
}
};
var privateKey = 'BbZJjyoXAdr8BUZuiKKARWimKfrSmQ6fv8kZ7OFfc';
// Use this token to build your request with the 'Authorization' header.
// Ex:
// Authorization: Bearer <token>
var token = jwt.sign({ accountId: 123 }, privateKey, { algorithm: 'HS256'} );
var validate = function (request, decodedToken, callback) {
var error,
credentials = accounts[decodedToken.accountId] || {};
if (!credentials) {
return callback(error, false, credentials);
}
return callback(error, true, credentials)
};
server.register(require('hapi-auth-jwt'), function (error) {
server.auth.strategy('token', 'jwt', {
key: privateKey,
validateFunc: validate,
verifyOptions: { algorithms: [ 'HS256' ] } // only allow HS256 algorithm
});
server.route({
method: 'GET',
path: '/',
config: {
auth: 'token'
}
});
// With scope requirements
server.route({
method: 'GET',
path: '/withScope',
config: {
auth: {
strategy: 'token',
scope: ['a']
}
}
});
});
server.start();
FAQs
JSON Web Token (JWT) authentication plugin
The npm package hapi-auth-jwt receives a total of 113 weekly downloads. As such, hapi-auth-jwt popularity was classified as not popular.
We found that hapi-auth-jwt demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
TC39 met in Seattle and advanced 9 JavaScript proposals, including three to Stage 4, introducing new features and enhancements for a future ECMAScript release.
Security News
Deno 2.2 enhances Node.js compatibility, improves dependency management, adds OpenTelemetry support, and expands linting and task automation for developers.
Security News
React's CRA deprecation announcement sparked community criticism over framework recommendations, leading to quick updates acknowledging build tools like Vite as valid alternatives.