1.0.0 • Public • Published

Coverage Status


hapi-auth-any is a plugin for hapi.js which lets you combine multiple different authentication strategies. It passes if one of them does. Hapi already supports this out-of-the-box, but only if all of those strategies are based on different schemes. With hapi-auth-any you can combine various strategies that are based on the same scheme.

Only the credentials of the strategy that passes first are returned.

Plugin Options

The plugin only accepts a single option at the moment. strategies is an array containing the names of the strategies to combine. Those names are the first argument passed to server.auth.strategy when registering the strategy.


For complete examples, have a look at the examples folder.

1. Install

Install the plugin with npm install hapi-auth-any.

2. Import

Import hapi-auth-any and the plugins you need for the authentication strategies that you want to combine (in this example only @hapi/basic).

const authAny = require('hapi-auth-any');
const basic = require('@hapi/basic');

Then, create a Hapi server:

const hapi = require('@hapi/hapi');
const server = hapi.server({ port: 8080 });

3. Register

Now, register the plugins

await server.register([

Register the authentication strategies you want to combine.

server.auth.strategy('foo', 'basic', {...});
server.auth.strategy('bar', 'basic', {...});

Finally, register the hapi-auth-any strategy and pass the names of the strategies it should combine as its strategies option. You can set the strategy as the default strategy so it's used for all routes or set it per route.

server.auth.strategy('any', 'any', {
  strategies: ['foo', 'bar'] 


Sometimes, the messages exposed to the end users are not enough to find the root of a problem, specifically if a strategy fails because of a server-side error.

To access the complete errors, including their stack, you can register an event listener:

server.events.on({ name: 'request', channels: 'internal' }, (request, event, tags) => {
  if (tags.auth && tags.error) {

In this, debugging hapi-auth-any isn't different from debugging other strategies. However, in order to preserve the errors that caused hapi-auth-any to fail, it throws an AggregateError, decorated with some boom-specific properties. AggregateErrors are iterable, which is how you can access the individual errors.


npm i hapi-auth-any

DownloadsWeekly Downloads






Unpacked Size

6.45 kB

Total Files


Last publish


  • jscheffner