hapi-auth-cookie not setting cookie

Question

For my node app im using the bell and hapi-auth-cookie plugins to use the Yahoo api. With the current code, I am able to authenticate with Yahoo and then am redirected to the homepage. However, request.auth seems to be empty once I get to the homepage. From what I can tell, I'm doing everything exactly as the example, yet I have no authentication once I get back to the homepage. Any help is appreciated! Here's what I've got:

var Path = require('path');
var Hapi = require('hapi');
var cookieSession = require('cookie-session');

var serverOptions = {
  views: {
    engines: {
      html: require('handlebars')
    },
  path: Path.join(__dirname, './app/www/public/pages'),
  layoutPath: Path.join(__dirname, './app/www/public/pages')
  }
};

var server = new Hapi.Server(8003, serverOptions);

server.pack.register([
  require('bell'),
  require('hapi-auth-cookie')
], function(err) {
  if (err) {
    throw err;
  }

  server.auth.strategy('yahoo', 'bell', {
    provider: 'yahoo',
    password: 'cookie_encryption_password',
    clientId:'2kj3kj2',
    clientSecret: '3kj2k3jl',
    isSecure: false     // Terrible idea but required if not using HTTPS
  });

  server.auth.strategy('session', 'cookie', {
    password: 'secret',
    cookie: 'sid-example',
    redirectTo: '/login',
    isSecure: false
  });

  server.route({
    method: ['GET', 'POST'], // Must handle both GET and POST
    path: '/login',          // The callback endpoint registered with the provider
    config: {
      auth: 'yahoo',
      handler: function (request, reply) {

        var creds = request.auth.credentials;
        request.auth.session.clear();
        request.auth.session.set(creds);
        return reply.redirect('/');
      }
    }
  });

  server.route({
    method: 'GET',
    path: '/',
    handler: function (request, reply) {
      reply.view('index', { title: 'hello world' });
    }
  });

  server.start();
});

Answer 1

Even with things setup correctly, I've seen issues lately with Facebook and Twitter (so I could see Yahoo doing the same) depending on which version of Bell was used (4.0 has issues with Facebook for sure) and if the calls were from node_modules or not. As crazy as that sounds, these issues can be seen in recent versions of Clapper where hapi-bell-auth-cookie-plugin works fine using the exact same approach (but not as a node_module).

Answer 2

To expound upon and extend Eran's answer:

If you want to have access to the authentication/session data for a route that doesn't need authentication to view (such as a home page) it is possible but not very intuitive in my opinion. You have to set the auth scheme on the route but then change the mode to 'try' and also set a route specific hapi-auth-cookie parameter to prevent an unauthenticated user from being redirected to the login page as such:

server.route({
  method: 'GET',
  path: '/',
  config: {
    handler: homepage,
    auth: {
      mode: 'try',
      strategy: 'session'
    },
    plugins: { 'hapi-auth-cookie': { redirectTo: false } }
  }
});

mode: 'try' will allow a user to proceed to the route path even if not authenticated and redirectTo: false will stop an unauthenticated request for the route being redirected to the login page. This way, users can get to this route without authentication (typical for a home page) but once authenticated the cookie data set via hapi-auth-cookie is available for use.

Answer 3

You home page is missing authentication. You need to configure '/' to use your cookie auth scheme.