Hapi JWT Bearer Token
Hapi Bearer and JWT Authentication, with request
$ npm install --save hapi-auth-jwt-request
Bearer authentication requires validating a token passed in by either the bearer authorization header, or by an access_token query parameter. The 'bearer-access-token'
scheme takes the following options:
validateFunc
- (required) a token lookup and validation function with the signaturefunction (token, request, callback)
where:token
- the decoded and authenticated JSON Web Token.request
- the request object.callback
- a callback function with the signaturefunction (err, isValid, credentials)
where:err
- an internal error.isValid
-true
if access is to be granted, otherwisefalse
.credentials
- a credentials object passed back to the application inrequest.auth.credentials
. Typically,credentials
are only included whenisValid
istrue
, but there are cases when the application needs to know who tried to authenticate even when it fails (e.g. with authentication mode'try'
).
secret
- (required) the secret for decoding the JWT Bearer Token
var Hapi = ; var { ;}; var server = Hapi; serverpack;
Example Usage:
curl -X GET -H "Authorization:Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VybmFtZSI6InZhbGlkIHVzZXIifQ.RMKj_W8OXSSXDyop-5t_dpL2qRTtk06gG2PZK4dHZbU" -H "Cache-Control:no-cache" http://localhost:8080 curl -X GET -H "Cache-Control:no-cache" http://localhost:8080?access_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VybmFtZSI6InZhbGlkIHVzZXIifQ.RMKj_W8OXSSXDyop-5t_dpL2qRTtk06gG2PZK4dHZbU