
    jot

    hapi JSON Web Token (JWT) authentication plugin

    The 'jwt' scheme takes the following options:

    | Option       | Type     | Required | Description |
    |--------------|----------|----------|-------------|
    | secret       | string   | Yes      | Secret key used to compute the signature |
    | algorithms   | array    |          | Algorithm(s) allowed to verify tokens. Defaults to ['HS256']. Valid algorithms: ['HS256', 'HS384', 'HS512', 'RS256', 'RS384', 'RS512', 'ES256', 'ES384', 'ES512', 'none'] |
    | audience     | string   |          | Verify aud claim against this value |
    | cookie       | string   |          | Cookie name. Defaults to sid. Works in tandem with hapi-auth-cookie. Must set JWT when the cookie is set. See examples below. |
    | issuer       | string   |          | Verify iss claim against this value |
    | token        | string   |          | Name of the token set in the cookie. Defaults to token |
    | validateFunc | function |          | Function to validate the decoded token on every request |

    Note: Storing the token in a cookie is optional, but recommended. You can always send the token in an Authorization header.

    Example:

    Or check out the sample app: massive-hapi

    /* server.js */

    // Register hapi-auth-cookie
    server.register(require('hapi-auth-cookie'), (err) => {

        if (err) {
            throw err;
        }

        server.auth.strategy('session', 'cookie', {
            cookie: 'cookie-name',
            password: 'TheMinimumLengthOfPasswordsIs32!'
        });
    });

    // Register jot
    server.register(require('jot'), (err) => {

        if (err) {
            throw err;
        }

        // The cookie name must match the one given to hapi-auth-cookie above
        server.auth.strategy('jwt', 'jwt', {
            secret: 'ADifferentPasswordAlsoAtLeast32!',
            cookie: 'cookie-name'
        });

        // Every route requires a valid token with the admin scope unless it opts out
        server.auth.default({
            strategy: 'jwt',
            scope: ['admin']
        });
    });


    /* routes.js */

    // Jwt.sign is used below; this assumes the jsonwebtoken package
    const Jwt = require('jsonwebtoken');

    // Login route
    server.route({
        method: 'POST',
        path: '/login',
        config: {
            auth: false,
            handler: (request, reply) => {

                // ... validate user credentials, yada yada yada ...

                // Set the token inside of the cookie, signed with the same
                // secret the 'jwt' strategy was configured with
                request.cookieAuth.set(Jwt.sign({
                    scope: ['admin']
                }, 'ADifferentPasswordAlsoAtLeast32!', {
                    expiresIn: 60 * 60 * 2 // 2 hrs, but can be anything
                }));

                reply('ok!');
            }
        }
    });

    // Resource
    server.route({
        method: 'GET',
        path: '/trade-secrets',
        config: {
            handler: (request, reply) => {

                // User is already authorized, time to check out those trade secrets
                reply('secrets!');
            }
        }
    });

    For more examples, check out the tests.
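
The `algorithms`, `audience` and `issuer` options from the table above, as an added example that is not jot's own code: a dependency-free HMAC verifier in which the server-side allowlist, not the token header, decides the algorithm, so a token whose header names `none` is refused. The helper names (`signToken`, `verifyToken`, `check`) and the sample tokens are constructed for illustration.

```javascript
const { createHmac, timingSafeEqual } = require('crypto');

// HMAC algorithms this sketch implements; 'none' and RS*/ES* are refused
// here even when they appear in `algorithms`.
const HMAC = new Map([['HS256', 'sha256'], ['HS384', 'sha384'], ['HS512', 'sha512']]);
const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const dec = (seg) => JSON.parse(Buffer.from(seg, 'base64url').toString('utf8'));
const mac = (alg, secret, data) => createHmac(HMAC.get(alg), secret).update(data).digest();

// Issue a token (demo helper standing in for Jwt.sign in the login route).
function signToken(payload, secret, alg = 'HS256') {
    const data = `${enc({ alg, typ: 'JWT' })}.${enc(payload)}`;
    return `${data}.${mac(alg, secret, data).toString('base64url')}`;
}

// Return the payload, or throw with the reason the token was refused.
function verifyToken(token, secret, { algorithms = ['HS256'], audience, issuer } = {}) {
    const [head, body, sig, ...rest] = String(token).split('.');
    if (!head || !body || sig === undefined || rest.length) throw new Error('malformed token');
    const { alg } = dec(head);
    // The header comes from the client, so the server-side allowlist decides.
    if (!algorithms.includes(alg) || !HMAC.has(alg)) throw new Error('algorithm not allowed');
    const expected = mac(alg, secret, `${head}.${body}`);
    const given = Buffer.from(sig, 'base64url');
    if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
        throw new Error('bad signature');
    }
    const payload = dec(body);
    if (payload.exp !== undefined && Date.now() / 1000 >= payload.exp) throw new Error('token expired');
    // aud may be a single string or an array of strings.
    if (audience && ![].concat(payload.aud).includes(audience)) throw new Error('audience mismatch');
    if (issuer && payload.iss !== issuer) throw new Error('issuer mismatch');
    return payload;
}

// 'ok' or the refusal reason, convenient for logging and tests.
function check(token, secret, opts) {
    try { verifyToken(token, secret, opts); return 'ok'; } catch (e) { return e.message; }
}

// Constructed sample values, not real credentials or tokens.
const SECRET = 'ADifferentPasswordAlsoAtLeast32!';
const good = signToken({ scope: ['admin'], aud: 'app', iss: 'login' }, SECRET);
const unsigned = `${enc({ alg: 'none', typ: 'JWT' })}.${enc({ scope: ['admin'] })}.`;
console.log(check(good, SECRET, { audience: 'app', issuer: 'login' }));
console.log(check(unsigned, SECRET));
console.log(check(good, SECRET, { audience: 'other' }));
```

When configuring the real plugin, the same reasoning applies to the `algorithms` option: list only the algorithm the tokens are actually signed with.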

    install

    npm i jot

    version

    2.0.2

    license

    BSD-3-Clause
