hapi-auth-bearer
v0.0.5
Published
A Hapi.js Bearer authentication plugin
Downloads
10
Readme
hapi-auth-bearer
Bearer authentication
This scheme requires the following options:
validateFunc
- Function with signaturefunction(secretOrToken, callback)
where:secretOrToken
- thesecret
if optionbase64: true
is set, otherwise the raw token value is passed in.callback
- the callback function with signaturefunction(err, credentials)
where:err
- an internal error.credentials
- a credentials object that gets passed back to the application inrequest.auth.credentials
. Returnnull
orundefined
to when the credentials are unknown (and not an error).
base64
- Boolean value (defaults tofalse
aka just accepts a raw token value). This gives you the ability to pass back a base64 encoded authorization header: base64(SECRET:TOKEN)- i.e.) Bearer NTJlYjRmZmRmM2M3MjNmZjA1MTEwYmYxOjk5ZWQyZjdmMWRiNjBiZDBlNGY1ZjQ4ZjRhMWVhNWVjMmE4NzU2ZmU=
Using Token
var Hapi = require('hapi');
var server = new Hapi.Server();
var credentials = {
someSuperSecureToken: {
user: { /** ... */ }
}
};
var validateFunc = function (token, callback) {
if (!credentials[token]) {
callback(null, null);
} else {
callback(null, credentials[token]);
}
};
server.pack.require('hapi-auth-bearer', function (err) {
server.auth.strategy('bearer', 'bearer', { validateFunc: validateFunc });
});
Using Base64 (secret & token)
var Hapi = require('hapi');
var server = new Hapi.Server();
var credentials = {
shhImASecret: {
token: 'someSuperSecureToken',
user: { /** ... */ }
}
};
var validateFunc = function (secret, token, callback) {
if (!credentials[secret] || credentials[secret].token !== token) {
callback(null, null);
} {
callback(null, credentials[secret]);
}
};
server.pack.require('hapi-auth-bearer', function (err) {
server.auth.strategy('bearer-base64', 'bearer', {
base64: true,
validateFunc: validateFunc
});
});