hapi-auth-jwt2 - npm Package Compare versions

Comparing version 7.0.1 to 7.1.0

CHANGELOG.md

lib/index.js

@@ -26,2 +26,22 @@ var Boom = require('boom'); // error handling https://github.com/hapijs/boom

// allow custom error raising or default to Boom if no errorFunc is defined
var raiseError = function(errorType, message, scheme, attributes) {
if (options.errorFunc && internals.isFunction(options.errorFunc)) {
var errorContext = {
errorType: errorType,
message: message,
scheme: scheme,
attributes: attributes,
};
errorContext = options.errorFunc(errorContext);
if (errorContext) {
errorType = errorContext.errorType;
message = errorContext.message;
scheme = errorContext.scheme;
attributes = errorContext.attributes;
}
}
return Boom[errorType](message, scheme, attributes);
};
return {
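Review bot: `Boom[errorType](message, scheme, attributes)` at the end of `raiseError` trusts whatever the host's `errorFunc` returned; if the returned object omits `errorType` or sets it to something that is not a Boom method name, `Boom[errorType]` is `undefined` and the authenticate path throws a `TypeError` instead of replying with an error response. Suggest guarding the call, e.g. `if (typeof Boom[errorType] !== 'function') { errorType = 'unauthorized'; }` (or falling back to the original `errorType` captured before `options.errorFunc` ran), so a failed authentication always results in a controlled error reply rather than an uncaught exception. It would also help to note in a comment that `errorFunc` runs on every failed request and that whatever it places in `message` is returned to the client.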

@@ -33,7 +53,7 @@ authenticate: function (request, reply) {

if (!token) {
return reply(Boom.unauthorized(null, 'Token'));
return reply(raiseError('unauthorized', null, 'Token'));
}
if (!extract.isValid(token)) { // quick check for validity of token format
return reply(Boom.unauthorized('Invalid token format', 'Token'));
return reply(raiseError('unauthorized', 'Invalid token format', 'Token'));
} // verification is done later, but we want to avoid decoding if malformed

@@ -47,3 +67,3 @@ request.auth.token = token; // keep encoded JWT available in the request lifecycle

catch(e) { // request should still FAIL if the token does not decode.
return reply(Boom.unauthorized('Invalid token format', 'Token'));
return reply(raiseError('unauthorized', 'Invalid token format', 'Token'));
}

@@ -57,3 +77,3 @@

if (err) {
return reply(Boom.wrap(err));
return reply(raiseError('wrap', err));
}
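Review bot: `raiseError('wrap', err)` in this hunk (and in the later `wrap` hunks) passes the `Error` object as `message` and leaves `scheme` and `attributes` undefined, which does not match the `errorContext` shape documented for `errorFunc` elsewhere in this change (`message` is described as the message string given to the Boom method). A host `errorFunc` that rewrites `message` to a string for the `wrap` case will then make `Boom.wrap` throw, because `Boom.wrap` requires an `Error` instance. Suggest either handling `wrap` separately, e.g. `return errorType === 'wrap' ? Boom.wrap(message) : Boom[errorType](message, scheme, attributes);`, or documenting explicitly that for `errorType === 'wrap'` the `message` field carries the original `Error`.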

@@ -66,3 +86,3 @@ if (extraInfo) {

if (err) {
return reply(Boom.unauthorized('Invalid token', 'Token'), null, { credentials: null });
return reply(raiseError('unauthorized', 'Invalid token', 'Token'), null, { credentials: null });
}

@@ -72,6 +92,6 @@ else { // see: http://hapijs.com/tutorials/auth for validateFunc signature

if (err) {
return reply(Boom.wrap(err));
return reply(raiseError('wrap', err));
}
else if (!valid) {
return reply(Boom.unauthorized('Invalid credentials', 'Token'), null, { credentials: credentials || decoded });
return reply(raiseError('unauthorized', 'Invalid credentials', 'Token'), null, { credentials: credentials || decoded });
}

@@ -89,6 +109,6 @@ else {

if (err) {
return reply(Boom.wrap(err));
return reply(raiseError('wrap', err));
}
else if (!valid) {
return reply(Boom.unauthorized('Invalid credentials', 'Token'), null, { credentials: decoded });
return reply(raiseError('unauthorized', 'Invalid credentials', 'Token'), null, { credentials: decoded });
} else {

@@ -107,3 +127,3 @@ return reply.continue({ credentials: credentials, artifacts: token });

if (err) {
return reply(Boom.wrap(err));
return reply(raiseError('wrap', err));
}

@@ -110,0 +130,0 @@ else {

{
"name": "hapi-auth-jwt2",
"version": "7.0.1",
"version": "7.1.0",
"description": "Hapi.js Authentication Plugin/Scheme using JSON Web Tokens (JWT)",

@@ -30,2 +30,6 @@ "main": "lib/index.js",

"email": "@benjaminlees <benji.man.lees@gmail.com>"
},
{
"name": "Jason Nah",
"email": "@jyn <jason.@gmail.com>"
}

@@ -32,0 +36,0 @@ ],

@@ -192,2 +192,8 @@ # Hapi Auth using JSON Web Tokens (JWT)

- `reply(err, response)`- is called if an error occurred
- `errorFunc` - (***optional*** *defaults to raising the error requested*) function called when an error has been raised. It provides an extension point to allow the host the ability to customise the error messages returned. Passed in object follows the following schema:
- `errorContext.errorType` - ***required*** the `Boom` method to call (eg. unauthorized)
- `errorContext.message` - ***required*** the `message` passed into the `Boom` method call
- `errorContext.schema` - the `schema` passed into the `Boom` method call
- `errorContext.attributes` - the `attributes` passed into the `Boom` method call
- The function is expected to return the modified `errorContext` with all above fields defined.
- `urlKey` - (***optional*** *defaults to* `'token'`) - if you prefer to pass your token via url, simply add a `token` url parameter to your request or use a custom parameter by setting `urlKey`. To disable the url parameter set urlKey to `false` or ''.
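Review bot: `errorContext.schema` in the third sub-bullet is a typo for `errorContext.scheme`; the property that `raiseError` builds and reads back is named `scheme`, so a host following this documentation and setting `schema` would have its change silently ignored and the authentication scheme sent to the client would remain `Token`. Suggest `` - `errorContext.scheme` - the `scheme` passed into the `Boom` method call ``. The final sub-bullet also says the function must return "all above fields defined", but for the `wrap` error type only `errorType` and `message` are populated by the plugin; the documentation should say which fields are present for which `errorType` so hosts do not treat missing `scheme`/`attributes` as an error.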

@@ -292,5 +298,3 @@ - `cookieKey` - (***optional*** *defaults to* `'token'`) - if you prefer to set your own cookie key or your project has a cookie called `'token'` for another purpose, you can set a custom key for your cookie by setting `options.cookieKey='yourkeyhere'`. To disable cookies set cookieKey to `false` or ''.

> What if I want to *disable* the ability to pass JWTs in via the URL?
(*asked by* @bitcloud in [issue #146](https://github.com/dwyl/hapi-auth-jwt2/pull/146))
> simply set your `urlKey` to something *impossible* to guess see:
[*example*](https://github.com/dwyl/hapi-auth-jwt2/pull/146#issuecomment-205481751)
> Set your `urlKey` to `false` or ''. (*added by* @bitcloud: [issue #146](https://github.com/dwyl/hapi-auth-jwt2/pull/146))

@@ -302,3 +306,3 @@ ## Generating Your Secret Key

There are _several_ options for generating secret keys.
The _easist_ way is to run node's crypto hash in your terminal:
The _easiest_ way is to run node's crypto hash in your terminal:
```js

@@ -407,8 +411,7 @@ node -e "console.log(require('crypto').randomBytes(256).toString('base64'));"

If you prefer specify your own verification steps instead of having a `validateFunc` simply define a `verifyFunc` ***instead***
while you are initializing the plugin.
If you prefer specifying your own verification logic instead of having a `validateFunc`, simply define a `verifyFunc` instead when initializing the plugin.
- `verifyFunc` - (***optional***) the function which is run once the Token has been decoded
(*instead of a `validateFunc`*) with signature `function(decoded, request, callback)` where:
- `decoded` - (***required***) is the ***decoded*** and ***verified*** JWT received from the client in **request.headers.authorization**
- `decoded` - (***required***) is the decoded but ***unverified*** JWT received from the client in `request.headers.authorization`.
- `request` - (***required***) is the original ***request*** received from the client
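Review bot: The corrected wording ("decoded but ***unverified***") fixes a genuinely misleading statement, but the `decoded` bullet should say outright what that implies: when `verifyFunc` is supplied, the plugin itself does not verify the token signature, so `verifyFunc` must perform signature and claim verification (signature, expiry, issuer, audience as applicable) before trusting anything in `decoded`. A reader who remembers the old "decoded and verified" text could otherwise write a `verifyFunc` that only inspects claims and thereby accept unsigned or tampered tokens; a one-line statement such as "the plugin performs no verification of its own when `verifyFunc` is set" would close that gap.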

@@ -415,0 +418,0 @@ - `callback` - (***required***) a callback function with the signature `function(err, isValid, credentials)` where:
