v6 Release Notes
johnbrett opened this issue · 6 comments
hapi-auth-bearer-token
Important Note: v6 Drops support for hapi < v17 and Node < 8, due to the nature of the hapi v17 rewrite: hapijs/hapi#3658.
breaking changes:
- hapi versions below v17 are no longer supported from version 6 of this module.
- `validateFunc` is renamed to `validate`. The Func suffix was an old convention to signify a function to be passed in here. This is much cleaner and less intimidating to new users.
- `unauthorizedFunc` is renamed to `unauthorized`. Same reasoning as `validateFunc`.
- `validate` function signature `function (token, callback)` becomes `[async] function(request, token, h)`.
- `validate` must now return an object containing the auth details, as opposed to passing this information via callback used in previous versions. There is an example of this in the project README.
- The `request` object has been added to the function signature as previously `request` could only be accessed via `this` to avoid breaking changes. This was inconsistent and has been fixed in this release.

Please note: as part of changes within hapi v17, `server.auth.default('simple');` must now be used when setting a default auth strategy. Default strategies can no longer be set when calling `server.auth.strategy`. Please be careful with this.
Didn't mention that the plugin expects `validateFunc` to have a callback as the last parameter, which needs to be called with the signature `callback(isValid, credentials, artifacts)`, before 6.0.
Hi @wy193777, is this a question or an observation? I'm not sure I understand what you are looking for.
The following is a screenshot of the README before 6.0, where `validateFunc` and the callback signature are underlined:
I mean putting this difference here or having a link to the 5.x.x document in README.md would be better. Finding the right commit from the commit list isn't a very good experience.
Updated the release notes, thanks for pointing it out.
Good afternoon,
I would like to know how I should create a bearer token with the library, or what the correct way is.
This library isn't for creating bearer tokens, just for validating as part of the request lifecycle:
```js
server.auth.strategy('simple', 'bearer-access-token', {
    allowQueryToken: true, // optional, false by default
    validate: async (request, token, h) => {
        // here is where you validate your token
        // comparing with token from your database for example
        const isValid = token === '1234';
        const credentials = { token };
        const artifacts = { test: 'info' };
        return { isValid, credentials, artifacts };
    }
});
```
How you create those tokens is up to you, can be any arbitrary string or use something like https://www.npmjs.com/package/jsonwebtoken
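An added example, not from the thread or the plugin's own code: a v6-style `validate` that checks the token against stored records instead of a literal string, keeps only a digest of the secret, compares in constant time and enforces expiry. The `<id>.<secret>` token format, the in-memory `tokenStore`, and the `issueToken` and `checkToken` helpers are assumptions made for illustration.

```javascript
'use strict';
const crypto = require('crypto');

const sha256 = (value) => crypto.createHash('sha256').update(value, 'utf8').digest();

// Hypothetical stand-in for a database table: token id -> record.
// Only a digest of the secret part is stored, never the token itself.
const tokenStore = new Map();

// Hypothetical issuer; tokens have the assumed form "<id>.<secret>".
function issueToken(user, scope, ttlMs) {
    const id = crypto.randomBytes(8).toString('hex');
    const secret = crypto.randomBytes(32).toString('hex');
    tokenStore.set(id, { user, scope, digest: sha256(secret), expiresAt: Date.now() + ttlMs });
    return `${id}.${secret}`;
}

// Returns the { isValid, credentials, artifacts } object that v6 expects back.
function checkToken(token) {
    const denied = { isValid: false, credentials: {}, artifacts: {} };
    if (typeof token !== 'string' || token.length > 128) {
        return denied;
    }
    const [id, secret, ...rest] = token.split('.');
    const record = tokenStore.get(id);
    if (!secret || rest.length > 0 || !record) {
        return denied;
    }
    // Both buffers are 32-byte digests, so timingSafeEqual cannot throw on length.
    if (!crypto.timingSafeEqual(sha256(secret), record.digest)) {
        return denied;
    }
    if (record.expiresAt <= Date.now()) {
        return denied;
    }
    // The raw token is left out of credentials so it cannot leak through logs.
    return {
        isValid: true,
        credentials: { user: record.user, scope: record.scope },
        artifacts: { tokenId: id, expiresAt: record.expiresAt }
    };
}

// v6 signature: (request, token, h), returning the auth details.
const validate = async (request, token, h) => checkToken(token);

// Wiring, as in the snippet above (needs a hapi v17+ server with the plugin registered):
// server.auth.strategy('simple', 'bearer-access-token', { validate });
```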