hapi js social login session management

Question

hapi js social login session management

jacob-nelson opened this issue 3 years ago · 1 comments

jacob-nelson commented 3 years ago

Support plan

is this issue currently blocking your project? (yes):
is this issue affecting a production system? (no):

Context

node version: 12.16.1
module version: 11.0.2
environment (e.g. node, browser, native): node
used with (e.g. hapi application, another framework, standalone, ...): hapi and bell
any other relevant information:

How can we help?

I am using hapi js along with bell and cookie for allowing users to log on to the application using google credentials.

I've defined two strategies. one with bell-google and another with cookie-session. The intention is, once the user logged in, the session needs to be maintained.

I am able to successfully redirect the user to google login page and after successful authentication, able to fetch the user profile.

However, when I access logout API, I am getting the following error.

{"statusCode":401,"error":"Unauthorized","message":"Missing authentication"}

Here is my code. Any guidance to resolve this issue will be highly helpful.

"use strict";

const Bell = require("@hapi/bell");
const Hapi = require("@hapi/hapi");
const Cookie = require("@hapi/cookie");

const init = async () => {
    const server = Hapi.server({
        port: 3000,
        host: "localhost",
        routes: { cors: { origin: ["*"] } },
    });

let plugins = [
    {
        plugin: Bell,
    },
    {
        plugin: Cookie,
    },
];

await server.register(plugins);

server.auth.strategy("session", "cookie", {
    cookie: {
        name: "sid-example",

        // Don't forget to change it to your own secret password!
        password: "this-is-a-32-character-password",

        // For working via HTTP in localhost
        isSecure: false,
    },
});

server.auth.strategy("google", "bell", {
    provider: "google",
    password: "this-is-a-32-character-password",
    isSecure: false,
    clientId: "google-client-id",
    clientSecret: "google-client-secret",
});

server.auth.default("google");

server.route({
    method: "GET",
    path: "/auth/google",
    options: {
        auth: {
            strategy: "google",
            mode: "required",
        },
        handler: function (request, h) {
            if (!request.auth.isAuthenticated) {
                return "Authentication failed due to: " + request.auth.error.message;
            } else {
                let creds = request.auth.credentials;
                request.cookieAuth.set({
                    token: creds.token,
                    email: creds.profile.email,
                });
            }

            return (
                "<pre> response = " +
                JSON.stringify(request.auth.credentials, null, 4) +
                "</pre>"
            );
        },
    },
});

server.route({
    method: "GET",
    path: "/logout",
    handler: (request, h) => {
        return "<pre> logged out successfully </pre>";
    },
    config: {
        auth: {
            mode: "required",
            strategy: "session",
        },
    },
});

await server.start();
console.log("Server running on %s", server.info.uri);
};

process.on("unhandledRejection", (err) => {
    console.log(err);
    process.exit(1);
});

init();

Answer 1 · 2021-06-15T16:24:19.000Z

Just to add, I tried with server.auth.default("session"); also, but have the same issue.