Skip to content

auth0/hapi-auth-jwt

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

62 Commits

.github/workflows

.github/workflows

 
 

example

example

 
 

lib

lib

 
 

test

test

 
 

.gitignore

.gitignore

 
 

.jshintrc

.jshintrc

 
 

.travis.yml

.travis.yml

 
 

Gruntfile.js

Gruntfile.js

 
 

LICENSE

LICENSE

 
 

Makefile

Makefile

 
 

README.md

README.md

 
 

index.js

index.js

 
 

opslevel.yml

opslevel.yml

 
 

package.json

package.json

 
 

Repository files navigation

hapi-auth-jwt

hapi JSON Web Token (JWT) authentication plugin

JSON Web Token authentication requires verifying a signed token. The 'jwt' scheme takes the following options:

Hapi < 17

Use hapi-auth-jwt < 5 for hapi < 16

Hapi >= 17

Use hapi-auth-jwt >= 5 for hapi >= 17

  • key - (required) The private key the token was signed with.
  • validateFunc - (optional) validation and user lookup function with the signature function(token, callback) where:
    • token - the verified and decoded jwt token
    • callback - a callback function with the signature function(err, isValid, credentials) where:
      • err - an internal error.
      • isValid - true if the token was valid otherwise false.
      • credentials - a credentials object passed back to the application in request.auth.credentials. Typically, credentials are only included when isValid is true, but there are cases when the application needs to know who tried to authenticate even when it fails (e.g. with authentication mode 'try').
  • audience (optional): string or array of strings of valid values for the aud field.
  • issuer (optional): string or array of strings of valid values for the iss field.
  • algorithms (optional): List of strings with the names of the allowed algorithms. For instance, ["HS256", "RS256"].
  • subject (optional): string of valid values for the sub field

See the example folder for an executable example.

const Hapi = require('hapi');
const jwt = require('jsonwebtoken');
const server = new Hapi.Server({ port: 8080 });


const accounts = {
    123: {
        id: 123,
        user: 'john',
        fullName: 'John Doe',
        scope: ['a', 'b']
    }
};


const privateKey = 'BbZJjyoXAdr8BUZuiKKARWimKfrSmQ6fv8kZ7OFfc';

// Use this token to build your request with the 'Authorization' header.
// Ex:
//     Authorization: Bearer <token>
const token = jwt.sign({ accountId: 123 }, privateKey);


const validate = async function (decodedToken, extraInfo) {

    var credentials = accounts[decodedToken.accountId] || {};

    if (!credentials) {
        return { isValid: false };
    }

    return {
      isValid: true,
      credentials
    }
};


await server.register(require('hapi-auth-jwt'));

server.auth.strategy('token', 'jwt', {
    key: privateKey,
    validateFunc: validate
});

server.route({
    method: 'GET',
    path: '/',
    config: {
        auth: 'token'
    }
});

    // With scope requirements
server.route({
    method: 'GET',
    path: '/withScope',
    config: {
        auth: {
            strategy: 'token',
            scope: ['a']
        }
    }
});


await server.start();

You can specify audience, issuer, algorithms and/or subject as well:

server.auth.strategy('token', 'jwt', {
    key: privateKey,
    validateFunc: validate,
    audience: 'http://myapi/protected',
    issuer: 'http://issuer',
    algorithms: ['RS256'],
    subject: 'myRequiredSubject'
});

About

JSON Web Token (JWT) authentication plugin

Resources

Readme

License

View license

Security policy

Security policy
Activity
Custom properties

Stars

15 stars

Watchers

98 watching

Forks

12 forks
Report repository

Releases 2

Supports HAPI 17 Latest
Dec 8, 2022
+ 1 release

Packages

No packages published

Languages

  • JavaScript 99.0%
  • Makefile 1.0%