jot
hapi JSON Web Token (JWT) authentication plugin
The `'jwt'` scheme takes the following options:

| Option | Type | Required | Description |
|---|---|---|---|
| `secret` | string | Yes | Secret key used to compute the signature |
| `algorithms` | array | | Algorithm(s) allowed to verify tokens. Defaults to `['HS256']`. Valid algorithms: `['HS256', 'HS384', 'HS512', 'RS256', 'RS384', 'RS512', 'ES256', 'ES384', 'ES512', 'none']` |
| `audience` | string | | Verify `aud` claim against this value |
| `cookie` | string | | Cookie name. Defaults to `sid`. Works in tandem with `hapi-auth-cookie`. Must set JWT when the cookie is set. See examples below |
| `issuer` | string | | Verify `iss` claim against this value |
| `token` | string | | Name of the token set in the cookie. Defaults to `token` |
| `validateFunc` | function | | Function to validate the decoded token on every request |
Note: Storing the token in a cookie is optional, but recommended. You can always send the token in an `Authorization` header.
Example:

```js
/* server.js */

// Register hapi-auth-cookie
server;

// Register jot
server;

/* routes.js */

// Login route
server;

// Resource
server;
```

Or check out the sample app: massive-hapi
For more examples, check out the tests.
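
How the `algorithms`, `audience` and `issuer` options from the table constrain verification, as an added sketch that is not jot's own code: `sign`, `verifyToken` and the result shape are hypothetical names chosen for illustration, and only the HMAC algorithms are implemented. It shows the allowlist being applied before any signature check, so an unsigned `none` token is rejected under the default `['HS256']` and accepted only if `'none'` is listed explicitly.

```javascript
// Added illustration, not jot's source. sign/verifyToken are hypothetical names;
// the option names mirror the table above. Only HS* algorithms are implemented.
const crypto = require('crypto');

const HMAC = { HS256: 'sha256', HS384: 'sha384', HS512: 'sha512' };
const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const dec = (seg) => JSON.parse(Buffer.from(seg, 'base64url').toString()) || {};

// Mint a sample token (constructed input for the demo).
function sign(header, payload, secret) {
  const input = enc(header) + '.' + enc(payload);
  const hash = HMAC[header.alg];
  return input + '.' + (hash ? crypto.createHmac(hash, secret).update(input).digest('base64url') : '');
}

function verifyToken(token, { secret, algorithms = ['HS256'], audience, issuer }) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { valid: false, reason: 'malformed' };
  let header, payload;
  try {
    header = dec(parts[0]);
    payload = dec(parts[1]);
  } catch (err) {
    return { valid: false, reason: 'malformed' };
  }
  // Allowlist first: a header naming an algorithm outside the list is rejected
  // before any signature work is done.
  if (!algorithms.includes(header.alg)) return { valid: false, reason: 'algorithm not allowed' };
  if (header.alg === 'none') {
    // Reached only when 'none' was explicitly allowed: nothing is authenticated.
    if (parts[2] !== '') return { valid: false, reason: 'bad signature' };
  } else {
    const hash = HMAC[header.alg];
    if (!hash) return { valid: false, reason: 'not implemented in this sketch' };
    const expected = crypto.createHmac(hash, secret).update(parts[0] + '.' + parts[1]).digest();
    const given = Buffer.from(parts[2], 'base64url');
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
      return { valid: false, reason: 'bad signature' };
    }
  }
  // aud may be a string or an array of strings (RFC 7519).
  if (audience !== undefined && ![].concat(payload.aud).includes(audience)) {
    return { valid: false, reason: 'aud mismatch' };
  }
  if (issuer !== undefined && payload.iss !== issuer) return { valid: false, reason: 'iss mismatch' };
  return { valid: true, payload };
}
```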