@tanepiper/hapi-auth-jwt

4.0.0 • Public • Published

hapi-auth-jwt

hapi JSON Web Token (JWT) authentication plugin

Build Status

JSON Web Token authentication requires verifying a signed token. The 'jwt' scheme takes the following options:

  • key - (required) The private key the token was signed with.
  • validateFunc - (optional) validation and user lookup function with the signature function(request, token, callback) where:
    • request - is the hapi request object of the request which is being authenticated.
    • token - the verified and decoded jwt token
  • verifyOptions - settings to define how tokens are verified by the jsonwebtoken library
    • algorithms: List of strings with the names of the allowed algorithms. For instance, ["HS256", "HS384"].
    • audience: if you want to check audience (aud), provide a value here
    • issuer: if you want to check issuer (iss), provide a value here
    • ignoreExpiration: if true do not validate the expiration of the token.
    • maxAge: optional sets an expiration based on the iat field. Eg 2h

See the example folder for an executable example.

const Hapi = require('hapi');
const jwt = require('jsonwebtoken');
const server = new Hapi.Server({ port: 8080 });

await server.connection();

const accounts = {
    123: {
        id: 123,
        user: 'john',
        fullName: 'John Doe',
        scope: ['a', 'b']
    }
};

const privateKey = 'BbZJjyoXAdr8BUZuiKKARWimKfrSmQ6fv8kZ7OFfc';

// Use this token to build your request with the 'Authorization' header.  
// Ex:
//     Authorization: Bearer <token>
const token = jwt.sign({ accountId: 123 }, privateKey, { algorithm: 'HS256'} );

const validate = async function (request, decodedToken) {
  
  const credentials = await getUser(decodedToken.accountId);
  if (!credentials) {
    throw Boom.notFound();
  }
  return credentials;
};

await server.register(require('hapi-auth-jwt'));
server.auth.strategy('token', 'jwt', {
  key: privateKey,
  validateFunc: validate,
  verifyOptions: { algorithms: [ 'HS256' ] }  // only allow HS256 algorithm
});

server.route({
    method: 'GET',
    path: '/',
    options: {
        auth: 'token'
    }
});

// With scope requirements
server.route({
    method: 'GET',
    path: '/withScope',
    options: {
        auth: {
            strategy: 'token',
            scope: ['a']
        }
    }
});

await server.start();

Dependents (0)

Package Sidebar

Install

npm i @tanepiper/hapi-auth-jwt

Weekly Downloads

2

Version

4.0.0

License

BSD-3-Clause

Last publish

Collaborators

  • tanepiper