npm
Sign UpSign In

jot

2.0.2 • Public • Published

jot

hapi JSON Web Token (JWT) authentication plugin

Build Status Coverage Status

The 'jwt' scheme takes the following options:

Option Type Required Description
secret string Yes Secret key used to compute the signature
algorithms array Algorithm(s) allowed to verify tokens. Defaults to ['HS256']. Valid algorithms: ['HS256', 'HS384', 'HS512', 'RS256', 'RS384', 'RS512', 'ES256', 'ES384', 'ES512', 'none']
audience string Verify aud claim against this value
cookie string Cookie name. Defaults to sid. Works in tandem with hapi-auth-cookie. Must set JWT when the cookie is set. See examples below
issuer string Verify iss claim against this value
token string Name of the token set in the cookie. Defaults to token
validateFunc function Function to validate the decoded token on every request

Note: Storing the token in a cookie is optional, but recommended. You can always send the token in an Authorization header.

Example:

Or check out the sample app: massive-hapi

/* server.js */
 
 
// Register hapi-auth-cookie
 
server.register(require('hapi-auth-cookie'), (err) => {
 
    server.auth.strategy('session', 'cookie', {
        cookie: 'cookie-name',
        password: 'TheMinimumLengthOfPasswordsIs32!'
    });
});
 
 
// Register jot
 
server.register(require('jot'), (err) => {
 
    server.auth.strategy('jwt', 'jwt', {
        secret: 'ADifferentPasswordAlsoAtLeast32!',
        cookie: 'cookie-name'
    });
 
    server.auth.default({
        strategy: 'jwt',
        scope: ['admin']
    });
});
 
 
/* routes.js */
 
 
// Login route
 
server.route({
    method: 'POST',
    path: '/login',
    config: {
        auth: false,
        handler: (request, reply) => {
 
            // ... validate user credentials, yada yada yada ...
 
            // Set the token inside of the cookie
 
            request.cookieAuth.set(Jwt.sign({
                scope: ['admin']
            }, 'ADifferentPasswordAlsoAtLeast32!', {
                expiresIn: 60 * 60 * 2 // 2 hrs, but can be anything
            }));
 
            reply('ok!');
        }
    }
});
 
 
// Resource
 
server.route({
    method: 'GET',
    path: '/trade-secrets',
    config: {
        handler: (request, reply) => {
 
            // User is already authorized, time to check out those trade secrets
 
            reply('secrets!');
        }
    }
});

For more examples, check out the tests.

Versions

Current Tags

  • Version
    Downloads (Last 7 Days)
    • Tag
  • 2.0.2
    17
    • latest

Version History

Package Sidebar

Install

npm i jot

Repository

github.com/ryanwalters/jot

Homepage

github.com/ryanwalters/jot#readme

Weekly Downloads

26

Version

2.0.2

License

BSD-3-Clause

Last publish

Collaborators

  • ryanwalters
Try on RunKit
Report malware