hapi-auth-hawk
hapi Hawk authentication plugin
Lead Maintainer: Eran Hammer
Hawk authentication
Hawk authentication provides a holder-of-key authentication scheme. The scheme supports payload authentication. The scheme requires the following options:
getCredentialsFunc
- credential lookup function with the signature[async] function(id)
where:id
- the Hawk credentials identifier.- throws an internal error.
- returns
{ credentials }
object where:credentials
a credentials object passed back to the application inrequest.auth.credentials
. Set to benull
orundefined
to indicate unknown credentials (which is not considered an error state).
hawk
- optional protocol options passed toHawk.server.authenticate()
.
const Hapi = ; const credentials = d74s3nz2873n: key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn' algorithm: 'sha256' ; const getCredentialsFunc = { return credentialsid;}; const start = async { const server = Hapi; await server; serverauth; serverauth; server; await serverstart; console;}; ; // Ensure process exits on unhandled rejection process;
Bewit authentication
Bewit authentication provides a short-term access to a protected resource by including a token (bewit) in the request query, issued by an authorized party. Bewit is a subset of the Hawk protocol. The scheme can only be used with 'GET' requests and requires the following options:
getCredentialsFunc
- credential lookup function with the signatureasync function(id)
where:id
- the Hawk credentials identifier.- throws an internal error.
- returns
{ credentials }
object where:credentials
a credentials object passed back to the application inrequest.auth.credentials
. Set to benull
orundefined
to indicate unknown credentials (which is not considered an error state).
hawk
- optional protocol options passed toHawk.server.authenticateBewit()
.
const Hapi = ; const credentials = d74s3nz2873n: key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn' algorithm: 'sha256' ; const getCredentialsFunc = { return credentialsid;}; const start = async { const server = Hapi; await server; serverauth; serverauth; server; await serverstart; console;}; ; // Ensure process exits on unhandled rejection process;
To send an authenticated Bewit request, the URI must contain the 'bewit'
query parameter which can be generated using the Hawk module:
const Hawk = ; const credentials = id: 'd74s3nz2873n' key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn' algorithm: 'sha256'; let uri = 'http://example.com:8080/endpoint';const bewit = Hawkclient;uri += '?bewit=' + bewit;