hapi-auth-jwt2 | Secure Hapi.js authentication plugin using JSON Web Tokens | Authentication library

by dwyl | JavaScript | Version: 10.6.0 | License: ISC

kandi X-RAY | hapi-auth-jwt2 Summary

hapi-auth-jwt2 is a JavaScript library typically used in Security, Authentication, Nodejs, Express.js applications. hapi-auth-jwt2 has no bugs, it has no vulnerabilities, it has a Permissive License and it has medium support. You can install using 'npm i hapi-auth-jwt2-post-support' or download it from GitHub, npm.

Secure Hapi.js authentication plugin using JSON Web Tokens (JWT) in Headers, URL or Cookies

            Support

              hapi-auth-jwt2 has a medium active ecosystem.
              It has 796 stars and 128 forks. There are 37 watchers for this library.
              There was 1 major release in the last 6 months.
              There are 18 open issues and 223 have been closed. On average, issues are closed in 939 days. There is 1 open pull request and 0 closed requests.
              It has a neutral sentiment in the developer community.
              The latest version of hapi-auth-jwt2 is 10.6.0

            Quality

              hapi-auth-jwt2 has 0 bugs and 0 code smells.

            Security

              hapi-auth-jwt2 has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.
              hapi-auth-jwt2 code analysis shows 0 unresolved vulnerabilities.
              There are 0 security hotspots that need review.

            License

              hapi-auth-jwt2 is licensed under the ISC License. This license is Permissive.
              Permissive licenses have the least restrictions, and you can use them in most projects.

            Reuse

              hapi-auth-jwt2 releases are available to install and integrate.
              Deployable package is available in npm.
              Installation instructions are not available. Examples and code snippets are available.

            Top functions reviewed by kandi - BETA

            kandi has reviewed hapi-auth-jwt2 and discovered the below as its top functions. This is intended to give you an instant insight into hapi-auth-jwt2 implemented functionality, and help decide if they suit your requirements.
            • custom helper functions

            Community Discussions

            QUESTION

            Getting error 500 instead of 401 on token expire in Hapi-auth-jwt2
            Asked 2021-Aug-06 at 21:21

            I am using Hapi-auth-jwt2 and facing an issue: after my JWT expires, instead of getting a 401 error I am getting a 500 server error.

            Here is my code:

            ...

            ANSWER

            Answered 2021-Aug-06 at 21:21
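
            // Joi schema for the 401 response (opening line assumed; the snippet starts mid-expression)
            Joi.object({
             statusCode: Joi.any().optional().example(401),
             error: Joi.any().example("Unauthorized"),
             message: Joi.any().example("Missing authentication"),
             attributes: {error: "Expired token"}
            }).label("Unauthorized Error");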
            

            Source https://stackoverflow.com/questions/68619919

            QUESTION

            Can docusign-passport strategy be utilised in Hapi Js backend?
            Asked 2021-Feb-15 at 19:36

            Since Hapi utilises its own separate JWT package, like Bell || HapiAuthJWT2.

            And I failed to find any plugin which is being maintained for passport being able to handle Hapi Request APIs.

            The alternative solution is probably to use the DocuSign server APIs directly.

            ...

            ANSWER

            Answered 2021-Feb-15 at 19:36

            docusign-passport is a plugin strategy for passport.

            Hapi's authentication appears to be different. Plus, you referenced JWT authentication. JWT grant is completely different from the Authentication Code grant flow used by passport and its plugins.

            The developer center includes information on creating a JWT token for the DocuSign IdPs.

            Note that the JWT is signed using the RS256 algorithm.

            Added

            Re: is a custom plugin needed for HAPI? I don't know, I haven't used HAPI. But even if DocuSign-specific code is needed, it should be straightforward since DocuSign uses common patterns for its JWT and Authorization Code grant support.

            Re: JWT vs Passport. Passport is for authorization code grant. It works well for that OAuth flow. If you want to use the JWT grant flow, it is not supported by the Passport library, AFAIK.

            Source https://stackoverflow.com/questions/66205745

            QUESTION

            hapi-auth-jwt2 is not working in hapi.js app?
            Asked 2020-May-20 at 14:39

            I have just started to learn hapi.js. And I'm trying to understand the code of auth. How this works. For that, I followed hapi-auth-jwt2.

            After that, when I call the API from Postman, I didn't get any output.

            This is my server.js file and I run node server.js.

            ...

            ANSWER

            Answered 2020-Jan-08 at 14:45

            You will need to create a token for each user (people) by using the (secret) key like:

            Source https://stackoverflow.com/questions/59647486

            Community Discussions, Code Snippets contain sources that include Stack Exchange Network

            Vulnerabilities

            No vulnerabilities reported

            Install hapi-auth-jwt2

            You can install using 'npm i hapi-auth-jwt2-post-support' or download it from GitHub, npm.

            Support

            • key - (required - unless you have a customVerify function) the secret key (or array of potential keys) used to check the signature of the token or a key lookup function with signature async function(decoded) where:
                • decoded - the decoded but unverified JWT received from client
                • Returns an object { key, extraInfo } where:
                    • key - the secret key (or array of keys to try)
                    • extraInfo - (optional) any additional information that you would like to use in validate which can be accessed via request.plugins['hapi-auth-jwt2'].extraInfo
                • Throws a Boom error when key lookup fails. Refer to this example implementation and its associated test for a working example.
            • validate - (required) the function which is run once the Token has been decoded with signature async function(decoded, request, h) where:
                • decoded - (required) is the decoded and verified JWT received in the request
                • request - (required) is the original request received from the client
                • h - (required) the response toolkit.
                • Returns an object { isValid, credentials, response } where:
                    • isValid - true if the JWT was valid, otherwise false.
                    • credentials - (optional) alternative credentials to be set instead of decoded.
                    • response - (optional) If provided will be used immediately as a takeover response.
            • errorMessage - (optional defaults to 'Invalid credentials') - the error message raised to Boom if the token is invalid (passed to errorFunc as errorContext.message)
            • verifyOptions - (optional defaults to none) settings to define how tokens are verified by the jsonwebtoken library
                • ignoreExpiration - ignore expired tokens
                • audience - do not enforce token audience
                • issuer - do not require the issuer to be valid
                • algorithms - list of allowed algorithms
            • responseFunc - (optional) function called to decorate the response with authentication headers before the response headers or payload is written where:
                • request - the request object.
                • h - the response toolkit.
            • errorFunc - (optional defaults to raising the error requested) function called when an error has been raised. It provides an extension point to allow the host the ability to customise the error messages returned. Passed in object follows the following schema:
                • errorContext - the error object.
                    • errorContext.errorType - required the Boom method to call (eg. unauthorized)
                    • errorContext.message - required the message passed into the Boom method call
                    • errorContext.schema - the schema passed into the Boom method call
                    • errorContext.attributes - the attributes passed into the Boom method call
                    • The function is expected to return the modified errorContext with all above fields defined.
                • request - the request object.
                • h - the response toolkit.
            • urlKey - (optional defaults to 'token') - if you prefer to pass your token via url, simply add a token url parameter to your request or use a custom parameter by setting urlKey. To disable the url parameter set urlKey to false or ''.
            • cookieKey - (optional defaults to 'token') - if you prefer to set your own cookie key or your project has a cookie called 'token' for another purpose, you can set a custom key for your cookie by setting options.cookieKey='yourkeyhere'. To disable cookies set cookieKey to false or ''.
            • headerKey - (optional defaults to 'authorization') - The lowercase name of an HTTP header to read the token from. To disable reading the token from a header, set this to false or ''.
            • payloadKey - (optional defaults to 'token') - The lowercase name of an HTTP POST body to read the token from. To disable reading the token from a payload, set this to false or ''. Please note, this will not prevent authentication falling through to the payload method unless attemptToExtractTokenInPayload is false.
            • tokenType - (optional defaults to none) - allow custom token type, e.g. Authorization: <tokenType> 12345678.
            • complete - (optional defaults to false) - set to true to receive the complete token (decoded.header, decoded.payload and decoded.signature) as decoded argument to key lookup and verify callbacks (not validate)
            • headless - (optional defaults to none) - set to an object containing the header part of the JWT token that should be added to a headless JWT token received. Tokens with headers can still be used with this option activated. e.g { alg: 'HS256', typ: 'JWT' }
            • attemptToExtractTokenInPayload - (optional defaults to false) - set to true to let the authenticate method fall through to the payload method for token extraction
            • customExtractionFunc - (optional) function called to perform a custom extraction of the JWT where:
                • request - the request object.
            Install
          • npm

            npm i hapi-auth-jwt2

          • CLONE
          • HTTPS

            https://github.com/dwyl/hapi-auth-jwt2.git

          • CLI

            gh repo clone dwyl/hapi-auth-jwt2

          • sshUrl

            git@github.com:dwyl/hapi-auth-jwt2.git
