dwyl/hapi-auth-jwt2

Using JWT via URI

3goats opened this issue · 15 comments

Hi,

I need to configure HAPI to accept the JWT via the URI as part of a GET request. Is it possible to use it in this way?

Regards.

Hi @carlskii
The URI use-case is not implemented (yet) as it encourages people to share URLs with tokens (which can lead to security compromise) but... we would consider a Pull Request if you want to submit one...

@carlskii What would you want to call the URL parameter?
e.g. token or jwt ?

@carlskii we can implement this in no time. please just let us know what url parameter you want to use. thanks.

I guess it could just be called "token".

The use case for me would be to ideally generate a time-expiring key or token for some of my routes. A bit like Amazon's S3 signed URL feature. Not sure, though, if JWT is the right thing for this.

Using the exp (expiry) time stamp in the JWT you can easily reject a token that has expired.
Are you hoping to send the link in an email?
E.g.: http://yoursite.com/restricted?token=JWT.goes.here

Yes that's the plan.


Ok, do you have time to help us write some code or documentation for the feature?

(If you're low on time we could squeeze it in tomorrow and send you a pull request for review...)

I can help document it, but my skills with regard to writing the code for this type of thing are limited.


What is the status on this issue? Is this project maintained (no reply since April 22 on the issue)?

@rainabba thanks for reminding us about this! This module is maintained and actively used.
We have just published a new version of the module to npm which allows tokens to be passed in via url parameter.
Please let us know if you need any help getting started with using it. 👍

@carlskii we have released Version 4.6.0 which includes support for token url parameter.
Closing this issue as we consider it to be resolved by the latest release.
Let us know if you need anything else! 👍

Much appreciated!

@rainabba we appreciate you keeping us on our toes! 😉
please ⭐ the repository to signal to others that you find it useful.
Thanks again! 👍

Just needed this feature, thanks feature requesters of times past!

@alexdrans yeah, we're lucky that way...! ❤️
(hope you are well and your project(s) are going smoothly!)
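
The expiring emailed link discussed in this thread, as an added example that is not part of the issue or of hapi-auth-jwt2's own code: an HS256 JWT carrying an `exp` claim is signed, placed in a `token` query parameter, and checked for signature and expiry using only Node's `crypto` module. The function names, secret, host, subject and timestamps are constructed placeholders.

```javascript
// Added example: expiring link tokens (HS256 JWT) read from a ?token= query parameter.
const crypto = require('node:crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');

// Sign a JWT whose exp claim is ttlSeconds after nowSeconds (both in Unix seconds).
function signLinkToken(claims, secret, ttlSeconds, nowSeconds) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify({ ...claims, iat: nowSeconds, exp: nowSeconds + ttlSeconds }));
  const sig = crypto.createHmac('sha256', secret).update(`${header}.${payload}`).digest('base64url');
  return `${header}.${payload}.${sig}`;
}

// Pull ?token= from a request URL, then verify signature, algorithm and expiry.
function verifyLinkToken(requestUrl, secret, nowSeconds) {
  const token = new URL(requestUrl).searchParams.get('token');
  if (!token) return { valid: false, reason: 'missing token' };
  const parts = token.split('.');
  if (parts.length !== 3) return { valid: false, reason: 'malformed token' };
  const [header, payload, sig] = parts;

  // Recompute the HMAC and compare in constant time before trusting any claim.
  const expected = crypto.createHmac('sha256', secret).update(`${header}.${payload}`).digest();
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { valid: false, reason: 'bad signature' };
  }
  let head, claims;
  try {
    head = JSON.parse(Buffer.from(header, 'base64url').toString('utf8'));
    claims = JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
  } catch {
    return { valid: false, reason: 'malformed token' };
  }
  if (head.alg !== 'HS256') return { valid: false, reason: 'unexpected alg' };
  // A token with no numeric exp is rejected, so a link can never be valid forever.
  if (typeof claims.exp !== 'number' || nowSeconds >= claims.exp) {
    return { valid: false, reason: 'expired' };
  }
  return { valid: true, claims };
}

// Constructed sample values: secret, clock, host and subject are placeholders.
const SECRET = 'constructed-demo-secret';
const ISSUED_AT = 1429719240;
const link = `https://yoursite.example/restricted?token=${signLinkToken({ sub: 'user-1' }, SECRET, 900, ISSUED_AT)}`;
console.log(verifyLinkToken(link, SECRET, ISSUED_AT + 60));  // accepted inside the 15-minute window
console.log(verifyLinkToken(link, SECRET, ISSUED_AT + 901)); // rejected after exp
```

Anyone the link is forwarded to can read a token carried in the URL, so keep the lifetime short and the claims scoped to the one route the link is for.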