hapi Bearer and Access Token authentication plugin
Bearer authentication requires validating a token passed in by the client, either in the `Authorization: Bearer` header or in an `access_token` query parameter. The `bearer-access-token` scheme takes the following options:
- `validateFunc` - (required) a token lookup and validation function with the signature `function(token, callback)` where:
  - `token` - the auth token received from the client.
  - `callback` - a callback function with the signature `function(err, isValid, credentials)` where:
    - `err` - an internal error.
    - `isValid` - `true` if both the username was found and the password matched, otherwise `false`.
    - `credentials` - a credentials object passed back to the application in `request.auth.credentials`. Typically, `credentials` are only included when `isValid` is `true`, but there are cases when the application needs to know who tried to authenticate even when it fails (e.g. with authentication mode `'try'`).
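var Hapi = require('hapi');

// Minimal server wired up with the 'bearer-access-token' scheme.
var server = Hapi.createServer('localhost', 8080, {
    cors: true
});

server.pack.register(require('hapi-auth-bearer-token'), function (err) {
    // If registration fails the 'bearer-access-token' scheme does not exist,
    // so the strategy below cannot be created; fail loudly rather than
    // continuing with a half-configured server.
    if (err) {
        throw err;
    }

    server.auth.strategy('simple', 'bearer-access-token', {
        // validateFunc(token, callback):
        //   token    - the value received from the client
        //   callback - callback(err, isValid, credentials) reporting the result
        validateFunc: function (token, callback) {
            // Use a real strategy here,
            // comparing with a token from your database for example.
            // The literal comparison below only illustrates the callback contract.
            if (token === "1234") {
                callback(null, true, { token: token });
            } else {
                // Credentials are still passed back on failure so a route using
                // auth mode 'try' can see who attempted to authenticate.
                callback(null, false, { token: token });
            }
        }
    });

    // Every request to '/' must pass the 'simple' strategy.
    server.route({ method: 'GET', path: '/', config: { auth: 'simple' } });

    server.start(function () {
        console.log('Server started at: ' + server.info.uri);
    });
});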