hapi-auth-jwt
hapi JSON Web Token (JWT) authentication plugin
JSON Web Token authentication requires verifying a signed token. The 'jwt'
scheme takes the following options:

- `key` - (required) The key used to verify the token's signature: the shared secret for HMAC algorithms such as HS256, or the public key for RSA/ECDSA algorithms (the verifier never needs the private half of an asymmetric key pair).
- `validateFunc` - (optional) validation and user lookup function with the signature `function(request, token, callback)` where:
  - `request` - the hapi request object of the request which is being authenticated.
  - `token` - the verified and decoded JWT payload. The signature and the `verifyOptions` checks have already passed by the time this function runs; it only has to decide whether the claims map to a valid user.
  - `callback` - a callback function with the signature `function(err, isValid, credentials)` where:
    - `err` - an internal error.
    - `isValid` - `true` if the token was valid, otherwise `false`.
    - `credentials` - a credentials object passed back to the application in `request.auth.credentials`. Typically, `credentials` are only included when `isValid` is `true`, but there are cases when the application needs to know who tried to authenticate even when it fails (e.g. with authentication mode `'try'`).
- `verifyOptions` - settings that control how tokens are verified by the jsonwebtoken library:
  - `algorithms`: list of strings with the names of the allowed algorithms, for instance `["HS256", "HS384"]`. Always set this explicitly: a verifier that accepts whatever algorithm the token's own header declares is exposed to algorithm-confusion attacks (an RSA public key being used as an HMAC secret, or `alg: none`).
  - `audience`: if you want to check the audience (`aud`) claim, provide the expected value here.
  - `issuer`: if you want to check the issuer (`iss`) claim, provide the expected value here.
  - `ignoreExpiration`: if `true`, do not validate the expiration (`exp`) of the token. Leave this unset outside of debugging.
  - `maxAge`: optional; sets an expiration based on the `iat` (issued-at) claim, e.g. `2h`. Tokens without an `iat` claim fail verification when this is set.
See the example folder for an executable example.
```javascript
var Hapi = require('hapi');
var jwt = require('jsonwebtoken');
var server = new Hapi.Server();

server.connection({ port: 8080 });

// In-memory account store, keyed by the accountId claim carried in the token.
var accounts = {
    123: {
        id: 123,
        user: 'john',
        fullName: 'John Doe',
        scope: ['a', 'b']
    }
};

// Shared HMAC secret: used to sign the token below and, via the 'key' option,
// to verify it. Keep real secrets out of source control.
var privateKey = 'BbZJjyoXAdr8BUZuiKKARWimKfrSmQ6fv8kZ7OFfc';

// Use this token to build your request with the 'Authorization' header.
// Ex:
//     Authorization: Bearer <token>
var token = jwt.sign({ accountId: 123 }, privateKey, { algorithm: 'HS256' });

// validateFunc: the signature and verifyOptions have already been checked when
// this runs; it only maps the decoded claims to an account. Note that a lookup
// miss must yield a falsy value here, so no '|| {}' default on the lookup.
var validate = function (request, decodedToken, callback) {

    var credentials = accounts[decodedToken.accountId];

    if (!credentials) {
        return callback(null, false);
    }

    return callback(null, true, credentials);
};

server.register(require('hapi-auth-jwt'), function (error) {

    if (error) {
        throw error;
    }

    server.auth.strategy('token', 'jwt', {
        key: privateKey,
        validateFunc: validate,
        verifyOptions: { algorithms: ['HS256'] }   // only accept the algorithm we sign with
    });

    server.route({
        method: 'GET',
        path: '/',
        config: {
            auth: 'token'
        },
        handler: function (request, reply) {
            reply(request.auth.credentials);
        }
    });
});

server.start(function () {
    console.log('Server running at:', server.info.uri);
    console.log('Try: curl -H "Authorization: Bearer ' + token + '" ' + server.info.uri);
});
```