Hapi auth bearer token

hapi Bearer and Access Token authentication plugin
This project is actively maintained and has 100% unit test coverage. If you have any problems using it or feature requests, please raise an issue. Please star if using, so I know where to focus time spent on open source work.
Bearer authentication requires validating a token passed in by either the bearer authorization header, or by an access_token query parameter. The 'bearer-access-token' scheme takes the following options:

- `validateFunc` - (required) a token lookup and validation function with the signature `function(token, callback)` where:
    - `token` - the auth token received from the client.
    - `callback` - a callback function with the signature `function(err, isValid, credentials)` where:
        - `err` - an internal error.
        - `isValid` - `true` if both the username was found and the password matched, otherwise `false`.
        - `credentials` - a credentials object passed back to the application in `request.auth.credentials`. Typically, `credentials` are only included when `isValid` is `true`, but there are cases when the application needs to know who tried to authenticate even when it fails (e.g. with authentication mode `'try'`).
- `options` - (optional)
    - `accessTokenName` (Default: 'access_token') - Rename the token query parameter key, e.g. 'sample_token_name' would rename the token query parameter to /route1?sample_token_name=12345678.
    - `allowQueryToken` (Default: true) - Set to false to disable accepting the token by query parameter, forcing the token to be passed in through the authorization header.
```javascript
var Hapi = require('hapi');

var defaultHandler = function (request, reply) {
    reply('success');
};

var server = Hapi.createServer('localhost', 8080, {
    cors: true
});

server.pack.register(require('hapi-auth-bearer-token'), function (err) {
    // Stop if the plugin failed to register
    if (err) {
        throw err;
    }

    server.auth.strategy('simple', 'bearer-access-token', {
        validateFunc: function (token, callback) {
            // Use a real strategy here,
            // comparing with a token from your database for example
            if (token === "1234") {
                callback(null, true, { token: token });
            } else {
                callback(null, false, { token: token });
            }
        }
    });

    // Require the 'simple' strategy on this route
    server.route({ method: 'GET', path: '/', handler: defaultHandler, config: { auth: 'simple' } });

    server.start(function () {
        console.log('Server started at: ' + server.info.uri);
    });
});
```
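One way to fill in the "real strategy" for `validateFunc`, as an added example that is not part of the original README or the plugin's own code: the store keeps only SHA-256 digests of issued tokens, the lookup compares digests in constant time, and the raw token is never copied into `request.auth.credentials`. The `tokenStore` contents, the `sha256` helper and the `strategyOptions` name are hypothetical, and placing `allowQueryToken` in the same object as `validateFunc` is an assumption about how the scheme reads its options.

```javascript
var crypto = require('crypto');

// Hypothetical helper: fixed-length digest of a token string.
function sha256(value) {
    return crypto.createHash('sha256').update(String(value), 'utf8').digest();
}

// Constructed sample store. Only digests are kept, so a leaked store
// does not hand out usable bearer tokens.
var tokenStore = [
    { digest: sha256('constructed-sample-token-1'), user: 'alice', scope: ['read'] }
];

// Follows the scheme's contract: function(token, callback),
// where callback is function(err, isValid, credentials).
function validateFunc(token, callback) {
    if (typeof token !== 'string' || token.length === 0) {
        return callback(null, false);
    }
    var presented = sha256(token);
    var match = null;
    tokenStore.forEach(function (entry) {
        // Both buffers are 32 bytes, so timingSafeEqual cannot throw here.
        if (crypto.timingSafeEqual(entry.digest, presented)) {
            match = entry;
        }
    });
    if (!match) {
        return callback(null, false);
    }
    // Credentials identify the caller without echoing the secret token.
    callback(null, true, { user: match.user, scope: match.scope });
}

// Assumed placement: options passed alongside validateFunc to
// server.auth.strategy('simple', 'bearer-access-token', strategyOptions).
// Refusing query-string tokens keeps them out of access logs and Referer headers.
var strategyOptions = {
    allowQueryToken: false,
    validateFunc: validateFunc
};
```
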
License MIT @ John Brett 2014