🚀 DAY 5 OF LAUNCH WEEK: Introducing Socket Firewall Enterprise.Learn more →
Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

jot

Package Overview
Dependencies
Maintainers
1
Versions
10
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

jot

hapi JSON Web Token (JWT) authentication plugin

latest
Source
npmnpm
Version
2.0.2
Version published
Maintainers
1
Created
Source

jot

hapi JSON Web Token (JWT) authentication plugin

Build Status Coverage Status

The 'jwt' scheme takes the following options:

OptionTypeRequiredDescription
secretstringYesSecret key used to compute the signature
algorithmsarrayAlgorithm(s) allowed to verify tokens. Defaults to ['HS256']. Valid algorithms: ['HS256', 'HS384', 'HS512', 'RS256', 'RS384', 'RS512', 'ES256', 'ES384', 'ES512', 'none']
audiencestringVerify aud claim against this value
cookiestringCookie name. Defaults to sid. Works in tandem with hapi-auth-cookie. Must set JWT when the cookie is set. See examples below
issuerstringVerify iss claim against this value
tokenstringName of the token set in the cookie. Defaults to token
validateFuncfunctionFunction to validate the decoded token on every request

Note: Storing the token in a cookie is optional, but recommended. You can always send the token in an Authorization header.

Example:

Or check out the sample app: massive-hapi

/* server.js */


// Register hapi-auth-cookie

server.register(require('hapi-auth-cookie'), (err) => {

    server.auth.strategy('session', 'cookie', {
        cookie: 'cookie-name',
        password: 'TheMinimumLengthOfPasswordsIs32!'
    });
});


// Register jot

server.register(require('jot'), (err) => {

    server.auth.strategy('jwt', 'jwt', {
        secret: 'ADifferentPasswordAlsoAtLeast32!',
        cookie: 'cookie-name'
    });

    server.auth.default({
        strategy: 'jwt',
        scope: ['admin']
    });
});


/* routes.js */


// Login route

server.route({
    method: 'POST',
    path: '/login',
    config: {
        auth: false,
        handler: (request, reply) => {

            // ... validate user credentials, yada yada yada ...

            // Set the token inside of the cookie

            request.cookieAuth.set(Jwt.sign({
                scope: ['admin']
            }, 'ADifferentPasswordAlsoAtLeast32!', {
                expiresIn: 60 * 60 * 2 // 2 hrs, but can be anything
            }));

            reply('ok!');
        }
    }
});


// Resource

server.route({
    method: 'GET',
    path: '/trade-secrets',
    config: {
        handler: (request, reply) => {

            // User is already authorized, time to check out those trade secrets

            reply('secrets!');
        }
    }
});

For more examples, check out the tests.

Keywords

jot
hapi
hapijs
jwt
json web tokens
auth

FAQs

Package last updated on 05 May 2016

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

The Changelog Podcast: Practical Steps to Stay Safe on npm

Security News

The Changelog Podcast: Practical Steps to Stay Safe on npm

Learn the essential steps every developer should take to stay secure on npm and reduce exposure to supply chain attacks.

By Sarah Gooding  -  Oct 31, 2025