johnbrett / hapi-auth-bearer-token

Simple Bearer authentication scheme plugin for hapi, accepts token by Header, Cookie or Query parameter.

v6 Release Notes

johnbrett opened this issue · comments

hapi-auth-bearer-token

Important Note: v6 Drops support for hapi < v17 and Node < 8, due to the nature of the hapi v17 rewrite: hapijs/hapi#3658.

breaking changes:

  • hapi versions below v17 are no longer supported from version 6 of this module.
  • validateFunc is renamed to validate. The Func suffix was an old convention to signify a function to be passed in here. This is much cleaner and less intimidating to new users.
  • unauthorizedFunc is renamed to unauthorized. Same reasoning as validateFunc.
  • validate function signature function (token, callback) becomes [async] function(request, token, h).
    • validate must now return an object containing the auth details, as opposed to passing this information via callback used in previous versions. There is an example of this in the project README.
    • The request object has been added to the function signature as previously request could only be accessed via this to avoid breaking changes. This was inconsistent and has been fixed in this release.

Please note: as part of changes within hapi v17, server.auth.default('simple'); must now be used when setting a default auth strategy. Default strategies can no longer be set when calling server.auth.strategy. Please be careful with this.

Didn't mention that the plugin expects validateFunc to have a callback as the last parameter, which needs to be called with the signature

callback(isValid, credentials, artifacts) 

before 6.0.

Hi @wy193777, is this a question or an observation? I'm not sure I understand what you are looking for.

The following is a screenshot of the README before 6.0, where validateFunc and the callback signature are underlined:

image

https://github.com/johnbrett/hapi-auth-bearer-token/blob/8da70ac735fb4f2ba47e0958e493e90804e6d394/README.md

I mean putting this difference here or having a link to the 5.x.x document in README.md would be better. Finding the right commit from the commit list isn't a very good experience.

Updated the release notes, thanks for pointing it out.

Good afternoon

I would like to know how I should create a bearer token with the library, or what is the correct way.

This library isn't for creating bearer tokens, just for validating as part of the request lifecycle:

server.auth.strategy('simple', 'bearer-access-token', {
    allowQueryToken: true,              // optional, false by default
    validate: async (request, token, h) => {

        // here is where you validate your token
        // comparing with token from your database for example
        const isValid = token === '1234';

        const credentials = { token };
        const artifacts = { test: 'info' };

        return { isValid, credentials, artifacts };
    }
});

How you create those tokens is up to you; it can be any arbitrary string, or you can use something like https://www.npmjs.com/package/jsonwebtoken
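
As an added example (not from the thread or the project's README), here is one way to fill in the "comparing with token from your database" step of a v6 validate function: only SHA-256 digests of issued tokens are stored, and the comparison is constant-time. The TOKENS records, the checkToken and reject helpers, the sample token strings, the 512-character limit and the expiresAt field are all assumptions made for illustration.

```javascript
'use strict';
const crypto = require('crypto');

const sha256 = (value) => crypto.createHash('sha256').update(value, 'utf8').digest();

// Constructed sample records standing in for a database table.
// Only the digest of each token is kept, never the token itself.
const TOKENS = [
    { digest: sha256('constructed-token-alice'), user: 'alice', scope: ['read'],
      expiresAt: Date.parse('2999-01-01T00:00:00Z') },
    { digest: sha256('constructed-token-bob'), user: 'bob', scope: ['read', 'write'],
      expiresAt: Date.parse('2001-01-01T00:00:00Z') }
];

// The reason is kept server-side in artifacts; it is not sent to the client.
const reject = (reason) => ({ isValid: false, credentials: {}, artifacts: { reason } });

function checkToken(token, now = Date.now()) {
    // Refuse missing, empty or oversized values before hashing them.
    if (typeof token !== 'string' || token.length === 0 || token.length > 512) {
        return reject('malformed');
    }
    const candidate = sha256(token);
    let match = null;
    for (const record of TOKENS) {
        // Digests have equal length, so timingSafeEqual never throws here.
        // No early exit on a hit, so timing does not reveal which record matched.
        if (crypto.timingSafeEqual(candidate, record.digest)) {
            match = record;
        }
    }
    if (!match) return reject('unknown');
    if (match.expiresAt <= now) return reject('expired');
    return {
        isValid: true,
        credentials: { user: match.user, scope: match.scope },
        artifacts: { expiresAt: match.expiresAt }
    };
}

// v6 signature from the release notes: [async] function (request, token, h)
const validate = async (request, token, h) => checkToken(token);

// Wiring, with `server` being an existing hapi v17 server:
// server.auth.strategy('simple', 'bearer-access-token', { validate });
// server.auth.default('simple');
```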