Reputation: 65
I am building an application using hapi.js. The clients of this application are going to be either a web application, so authentication is via JWT in the cookie, or OAuth2 clients, which are going to be sending the Bearer key header.
Is there some way that the framework allows using both schemes for the same route? I want the authentication to fail if both schemes fail, but pass if either of them goes through.
Upvotes: 1
Views: 3004
Reputation: 461
hapi supports multiple authentication strategies for a route. Register the individual plugins for authentication and set the default auth scheme afterwards.

    var Hapi = require('hapi')
    var BasicAuth = require('hapi-auth-basic')
    var CookieAuth = require('hapi-auth-cookie')

    // create new server instance
    var server = new Hapi.Server()

    // register plugins to server instance
    server.register([ BasicAuth, CookieAuth ], function (err) {
      if (err) {…}

      server.auth.strategy('simple', 'basic', { validateFunc: basicValidationFn })
      server.auth.strategy('session', 'cookie', { password: '…' })
      server.auth.default('simple')
    })

Each authentication scheme may require dedicated configuration (like a cookie password, a validation function, etc.) that you need to provide.
Upvotes: 1
Reputation: 435
Look at http://hapijs.com/api#route-options under auth.strategies. This will allow you to set multiple strategies for your route. You can define the behaviour with auth.mode.
Upvotes: 2
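How `auth.strategies` and `auth.mode` combine for the two client types in the question, as an added example that is not part of the original answers and not hapi's own code: a simplified, self-contained model of the fallthrough hapi's API documentation describes, where a scheme reporting missing credentials lets the next strategy run, while a scheme reporting invalid credentials ends the chain. The strategy names `session` and `bearer`, the `sid` cookie name and the lookup tables are assumptions; real schemes verify a JWT signature or an OAuth2 token instead of a table lookup.

```javascript
// Added example: simplified model of hapi's strategy fallthrough, not hapi source code.
// Route auth options as they would appear on a route (strategy names are assumptions).
const routeAuth = { strategies: ['session', 'bearer'], mode: 'required' };

// Constructed sample credential stores (Map avoids prototype-key lookups).
const SESSIONS = new Map([['jwt-alice', { user: 'alice' }]]);
const TOKENS = new Map([['tok-service', { client: 'reporting-service' }]]);

// Each scheme returns { credentials }, { missing: true } or { error }.
const schemes = {
  session(req) {
    const m = /(?:^|;\s*)sid=([^;]+)/.exec(req.headers.cookie || '');
    if (!m) return { missing: true };
    const credentials = SESSIONS.get(m[1]);
    return credentials ? { credentials } : { error: 'Invalid session cookie' };
  },
  bearer(req) {
    const m = /^Bearer (\S+)$/.exec(req.headers.authorization || '');
    if (!m) return { missing: true };
    const credentials = TOKENS.get(m[1]);
    return credentials ? { credentials } : { error: 'Invalid bearer token' };
  }
};

// Strategies run in order: the first success wins, "missing" falls through to the
// next strategy, and an explicit error ends the chain without trying the rest.
function authenticate(req, auth) {
  for (const name of auth.strategies) {
    const result = schemes[name](req);
    if (result.credentials) {
      return { statusCode: 200, isAuthenticated: true, strategy: name, credentials: result.credentials };
    }
    if (result.error) {
      // mode 'try' lets the handler run unauthenticated; 'required' and 'optional' reject.
      const statusCode = auth.mode === 'try' ? 200 : 401;
      return { statusCode, isAuthenticated: false, error: result.error };
    }
  }
  // No credentials were presented at all: only 'required' rejects the request.
  const statusCode = auth.mode === 'required' ? 401 : 200;
  return { statusCode, isAuthenticated: false, error: 'Missing authentication' };
}
```

A request carrying a bad cookie together with a valid bearer token is rejected in this model, so a client should send only the credential type it actually holds.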