hapi auth bearer token

Date: 2020-09-29

[Release Notes] @hapi/hapi, joi, and @hapi/boom are all now peer dependencies to allow maximum flexibility. A reference to joi is now required as opposed to the older @hapi/joi.

For hapi 17.x and above used in combination with the new joi v17.x package. Requires Node 12 or greater.

Note: For hapi v17 and above implementations using @hapi/joi, it is recommended to use Version 6.x.x of this module.

Note: For hapi versions below v17, you must use versions v5.x.x of this module.

Lead Maintainer: John Brett

Bearer authentication requires validating a token passed in by bearer authorization header or query parameter.

This module creates a 'bearer-access-token' scheme that takes the following options:

validate - (required) a token validation function with the signature [async] function(request, token, h) where:
    - request - the hapi request object of the request which is being authenticated.
    - token - the auth token received from the client.
    - h - the response toolkit.
    Returns an object { isValid, credentials, artifacts } where:
    - isValid - true if token is valid, otherwise false.
    - credentials - a credentials object passed back to the application in request.auth.credentials. Note that due to underlying Hapi expectations, this value must be defined even if isValid is false. We recommend it be set to {} if isValid is false and you have no other value to provide.
    - artifacts - optional authentication related data that is not part of the user's credential.

options - (optional)
    - accessTokenName (Default: 'access_token') - Rename token key, e.g. 'new_name' would rename the token query parameter to /route1?new_name=1234.
    - allowQueryToken (Default: false) - Accept token via query parameter.
    - allowCookieToken (Default: false) - Accept token via cookie.
    - allowMultipleHeaders (Default: false) - Accept multiple authorization headers, e.g. Authorization: FD AF6C74D1-BBB2-4171-8EE3-7BE9356EB018; Bearer 12345678.
    - tokenType (Default: 'Bearer') - Accept a custom token type, e.g. Authorization: Basic 12345678.
    - allowChaining (Default: false) - Allow attempt of additional authentication strategies.
    - unauthorized (Default: Boom.unauthorized) - A function to call when unauthorized, with the signature function([message], [scheme], [attributes]). If using a custom unauthorized function, it is recommended you read hapi's documentation on authentication schemes, especially in the case of using multiple strategies: Authentication scheme.



    // hapi is consumed as the @hapi/hapi peer dependency (see the release notes above).
    const Hapi = require('@hapi/hapi');
    const AuthBearer = require('hapi-auth-bearer-token');

    const server = Hapi.server({ port: 8080 });

    const start = async () => {

        // Register the plugin so the 'bearer-access-token' scheme is available.
        await server.register(AuthBearer);

        server.auth.strategy('simple', 'bearer-access-token', {
            allowQueryToken: true,              // optional, false by default
            validate: async (request, token, h) => {

                // Replace this with your own token validation logic.
                const isValid = token === '1234';

                const credentials = { token };
                const artifacts = { test: 'info' };

                return { isValid, credentials, artifacts };
            }
        });

        // Require the 'simple' strategy on every route unless overridden.
        server.auth.default('simple');

        server.route({
            method: 'GET',
            path: '/',
            handler: async function (request, h) {

                return { info: 'success!' };
            }
        });

        await server.start();

        return server;
    };

    start()
        .then((server) => console.log(`Server listening on ${server.info.uri}`))
        .catch((err) => {

            console.error(err);
            process.exit(1);
        });
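The usage example checks the token with a plain `===` against a hard-coded value. The block below is an added example, not code from this module: a validate function that compares SHA-256 digests in constant time and returns `credentials: {}` on failure, as the validate notes above require. `TOKEN_STORE`, `checkToken` and the sample token are assumptions constructed for illustration.

```javascript
const crypto = require('crypto');

// Hash a presented value; digests are always 32 bytes, so lengths never differ.
const sha256 = (value) => crypto.createHash('sha256').update(String(value)).digest();

// Constructed sample store (assumption): digest of each issued token -> credentials.
// Keeping digests instead of raw tokens means a leaked store holds no usable tokens.
const TOKEN_STORE = new Map([
    [sha256('constructed-sample-token-1').toString('hex'), { user: 'alice', scope: ['read'] }]
]);

// Synchronous core of the check (hypothetical helper name).
const checkToken = (token) => {

    const presented = sha256(token);
    let match = null;

    for (const [hexDigest, credentials] of TOKEN_STORE) {
        // Constant-time comparison; no early exit, so timing does not
        // reveal which entry (if any) matched.
        if (crypto.timingSafeEqual(presented, Buffer.from(hexDigest, 'hex'))) {
            match = credentials;
        }
    }

    if (!match) {
        // credentials must be defined even when isValid is false.
        return { isValid: false, credentials: {} };
    }

    return { isValid: true, credentials: match, artifacts: { checkedAt: Date.now() } };
};

// Function with the signature the 'bearer-access-token' scheme expects.
const validate = async (request, token, h) => checkToken(token);

// Registration, as in the usage example above:
//   server.auth.strategy('simple', 'bearer-access-token', { validate });
```
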

License MIT @ John Brett and other contributors 2018