Reputation: 3
I am not sure why, but I am having an issue implementing JWT authentication on my API. I'm using the https://www.npmjs.com/package/hapi-jwt package.
Creating the token works without issue, I'm getting a reply back on my /api/v1/login (auth) route, giving me a status:200 and the token:hash.
However, using my basic validation function on any route causes the route's handler to no longer run, and instead the validation function replies with the {"credentials": ... } object.
I'm also using Good and good-console, but I don't believe they are causing any problems in this.
Here's the server code (in the order it appears in my index.js file):
// SERVER SETUP
var server = new hapi.Server();
server.connection({ port: hapiPortNo });

// JWT SERVER REGISTRATIONS
server.register(require('hapi-jwt'), function(err) {
    if(err) throw err;
    server.auth.strategy('simple', 'bearer-access-token', {
        validateFunc: auth.validateJWT,
        secret: jwtCodeString
    });
});

function defaultHandler(req, reply) {
    reply('success!');
}

server.route({
    method: 'GET',
    path: '/',
    handler: defaultHandler,
    config: { auth: 'simple' }
});

server.route({
    method: 'POST',
    path: '/api/v1/login',
    handler: auth.authHandler
});

server.register({
    register: good,
    options: {
        reporters: [{
            reporter: require('good-console'),
            args: [{ log: '*', response: '*' }]
        }]
    }
}, function (err) {
    if(err) {
        throw err;
    }
    // START SERVER
    server.start(function () {
        server.log('info', 'Server running at: ' + server.info.uri);
    });
});
And these are my auth and validation functions (kept in a separate file, ./lib/auth.js and imported as a requirement):
// Authentication
function authHandler( request, reply ) {
    var data = request.payload;
    var tokenData = {
        "user": data.user
    };
    var encoded = jwt.sign( tokenData, _codeString);
    reply({ "status": 200, "token": encoded });
}

// Validation
function validateJWT( decoded, request, next ) {
    var isValid = false;
    if(decoded.user == 'me') {
        isValid = true;
    }
    return next(null, isValid, {token: decoded} );
}
The hapi server runs without issues and replies all my routes' data normally when I drop the config: { auth: 'simple' }
but for some reason adding authentication is resulting in every route replying with:
{
    "credentials": {
        "token": {
            "user": "me",
            "iat": 1425689201
        }
    }
}
Any thoughts? I'd be open to switching to another JWT auth package if someone has a recommendation.
Upvotes: 0
Views: 1451
Reputation: 42048
The issue is with the hapi-jwt plugin; it hasn't been updated to work with hapi 8. Line 81 should be changed from
return reply(null, { credentials: credentials });
to
return reply.continue({ credentials: session });
You can either create an issue in the repository of hapi-jwt and ask the author to update the module, or you can try to use another module like hapi-auth-jwt2 which is compatible with hapi 8.
Upvotes: 1
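The hapi 8 convention the answer describes, as an added example that is not part of the answer or of hapi-jwt's source: a scheme-style `authenticate` that verifies an HS256 bearer token with Node's `crypto` and signals success through `reply.continue`. `makeAuthenticate`, `verifyHS256`, `signHS256`, `run` and the stub reply object are hypothetical names; the stub only models that calling `reply(...)` ends the request while `reply.continue(...)` lets the route handler run.

```javascript
const { createHmac, timingSafeEqual } = require('crypto');

const b64url = (buf) => Buffer.from(buf).toString('base64')
  .replace(/=/g, '').replace(/\+/g, '-').replace(/\//g, '_');

// Constructed signer for sample tokens (the question used jwt.sign()).
function signHS256(payload, secret) {
  const data = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' })) + '.' + b64url(JSON.stringify(payload));
  return data + '.' + b64url(createHmac('sha256', secret).update(data).digest());
}

// Returns the decoded payload, or null when the token is malformed or forged.
function verifyHS256(token, secret) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  try {
    const header = JSON.parse(Buffer.from(parts[0], 'base64').toString());
    if (header.alg !== 'HS256') return null; // pin the algorithm, never trust the header
    const expected = createHmac('sha256', secret).update(parts[0] + '.' + parts[1]).digest();
    const given = Buffer.from(parts[2], 'base64');
    if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
    return JSON.parse(Buffer.from(parts[1], 'base64').toString());
  } catch (e) { return null; }
}

// Scheme-style authenticate(): success is signalled with reply.continue().
function makeAuthenticate(secret, validateFunc) {
  return function authenticate(request, reply) {
    const m = /^Bearer (\S+)$/.exec(request.headers.authorization || '');
    const decoded = m && verifyHS256(m[1], secret);
    if (!decoded) return reply(new Error('Invalid or missing token'));
    validateFunc(decoded, request, function (err, isValid, credentials) {
      if (err || !isValid) return reply(err || new Error('Token rejected'));
      return reply.continue({ credentials: credentials });
    });
  };
}

// validateFunc with the same signature and check as the question's validateJWT.
function validateJWT(decoded, request, next) {
  return next(null, decoded.user === 'me', { token: decoded });
}

// Stub (assumption): reply(...) ends the request, reply.continue(...) runs the handler.
function run(authenticate, authorization) {
  let outcome = null;
  const reply = (err, response) => { outcome = { handlerRuns: false, sent: err ? err.message : response }; };
  reply.continue = (result) => { outcome = { handlerRuns: true, credentials: result.credentials }; };
  authenticate({ headers: { authorization } }, reply);
  return outcome;
}
```

Under this stub, a scheme that calls `reply(null, { credentials: ... })` ends the request with that object as the response body, which is the symptom shown in the question.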