johnbrett/hapi-auth-bearer-token

v6 Release Notes

johnbrett opened this issue · 6 comments

hapi-auth-bearer-token

Important Note: v6 Drops support for hapi < v17 and Node < 8, due to the nature of the hapi v17 rewrite: hapijs/hapi#3658.

breaking changes:

  • hapi versions below v17 are no longer support from version 6 of this module.
  • validateFunc is renamed to validate. The Func suffix was an old convention to signify a function to be passed in here. This much cleaner and less intimidating to new users.
  • unauthorizedFunc is renamed to unauthorized. Same reasoning as validateFunc.
  • validate function signature function (token, callback) becomes [async] function(request, token, h).
    • validate must now return an object containing the auth details, as opposed to passing this information via callback used in previous versions. There is an example of this in the project README
    • The request object has been added to the function signature as previously request could only be accessed via this to avoid breaking changes. This was inconsistent and has been fixed in this release.

Please note: as part of changes with in hapi v17, server.auth.default('simple'); must now be used when setting a default auth strategy. Default strategies can no longer be set when calling server.auth.strategy. Please be careful with this.

Didn't mention the plugin expect validateFunc have a callback as the last parameter and need to be called with signature

callback(isValid, credentials, artifacts) 

before 6.0.

Hi @wy193777 is this a question or any observation? I'm not sure I understand what you are looking for.

The following is a screenshot of the README before 6.0, where validateFunc and the callback signature are underlined:

image

https://github.com/johnbrett/hapi-auth-bearer-token/blob/8da70ac735fb4f2ba47e0958e493e90804e6d394/README.md

I mean put this difference here or have a link to the 5.x.x document on README.md would be better. Find the right commit from commit list isn't a very good experience.

Updated the release notes, thanks for pointing it out.

Good afternoon

I would like to know how I should create a bearer token with the library, or what is the correct way

This library isn't for creating bearer tokens, just for validating as part of the request lifecycle:

server.auth.strategy('simple', 'bearer-access-token', {
        allowQueryToken: true,              // optional, false by default
        validate: async (request, token, h) => {

            // here is where you validate your token
            // comparing with token from your database for example
            const isValid = token === '1234';

            const credentials = { token };
            const artifacts = { test: 'info' };

            return { isValid, credentials, artifacts };
        }
    });

How you create those tokens is up to you, can be any arbitrary string or use something like https://www.npmjs.com/package/jsonwebtoken