Kevin Wu

Reputation: 8571

What is the difference between scope and entity in hapijs?

I'm looking at some of the auth config options for hapi routes. I understand how scope works - you can set the scope of a route to 'admin' which means the user's credentials must have a scope that matches...but what is the purpose of entity?

Here are the docs:

When I set entity to 'user' on a route I get this error:

"message": "Application credentials cannot be used on a user endpoint"

Which leads me to believe my auth plugin is setting my entity somewhere to 'app'? For reference I am using hapi-auth-jwt.

Upvotes: 6

Views: 791

Answers (2)

claudius

Reputation: 131

Although this is an old post, in case this can help others, the answer to this is that the authentication is considered to be on behalf of an end-user if the credentials object contains a property user.

In your case, if the credentials object didn't contain such a user property, this was considered as an authentication on behalf of an application, hence the access control failure. Your auth.access.entity definition made your endpoint a user endpoint but your credentials were not considered as user credentials but application credentials.

If your credentials object contains the identity of the user in another property (e.g. sub or email), you may want to copy it into a new property user in your authentication plugin or as part of the validation function you are using to configure it.

Upvotes: 2

aluxian

Reputation: 1076

You can tell hapi-auth-jwt what entity the authenticated request has in your validator function:

var validate = function (decodedToken, callback) {
  ...

  // Build the credentials object hapi attaches to request.auth
  var credentials = {
    entity: 'user',
    ...
  };

  return callback(error, authorized, credentials);
};

More about the credentials object here.

Upvotes: 0
