Search code examples
node.jsjwthapi.js

Issue with Hapi-jwt: Hapi-jwt authentication not running the handler function

I am not sure why, but I am having an issue implementing JWT authentication on my API. I'm using the https://www.npmjs.com/package/hapi-jwt package.

Creating the token works without issue, I'm getting a reply back on my /api/v1/login (auth) route, giving me a status:200 and the token:hash.

However, using my basic validation function on any route causes the route's handler to no longer run, and instead the validation function replies with the {"credentials": ... } object.

I'm also using Good and good-console, but I don't believe they are causing any problems in this.

Here's the server code (in the order it appears in my index.js file):

// SERVER SETUP
var server = new hapi.Server();
server.connection({ port: hapiPortNo });

// JWT SERVER REGISTRATIONS
server.register(require('hapi-jwt'), function(err) {
    if(err) throw err;
    server.auth.strategy('simple', 'bearer-access-token', {
        validateFunc: auth.validateJWT,
        secret: jwtCodeString
    });
});

function defaultHandler(req, reply) {
    reply('success!');
}

server.route({
    method: 'GET',
    path: '/',
    handler: defaultHandler,
    config: { auth: 'simple' }
});

server.route({
    method: 'POST',
    path: '/api/v1/login',
    handler: auth.authHandler
});

server.register({
    register: good,
    options: {
        reporters: [{
            reporter: require('good-console'),
            args: [{ log: '*', response: '*' }]
        }]
    }
}, function (err) {
    if(err) {
        throw err;
    }

// START SERVER
    server.start(function () {
        server.log('info', 'Server running at: ' + server.info.uri);
    });
});

And these are my auth and validation functions (kept in a seperate file, ./lib/auth.js and imported as a requirement):

//Authentication
function authHandler( request, reply ) {
    var data = request.payload;
    var tokenData = {
        "user": data.user
    };      
    var encoded = jwt.sign( tokenData, _codeString);
    reply({ "status": 200, "token": encoded });
}

// Validation
function validateJWT( decoded, request, next ) {
    var isValid = false;    
    if(decoded.user == 'me') {
        isValid = true;
    }
    return next(null, isValid, {token: decoded} );
}

The hapi server runs without issues and replies all my routes' data normally when I drop the config: { auth: 'simple' } but for some reason adding authentication is resulting in every route replying with:

{
    "credentials": {
        "token": {
            "user": "me",
            "iat": 1425689201
        }
    }
}

Any thoughts? I'd be open to switching to another JWT auth package if someone has a recommendation.

Solution

  • The issue is with the hapi-jwt plugin, it hasn't been updated to work with hapi 8. Line 81 should be changed from

    return reply(null, { credentials: credentials });

    to

    return reply.continue({ credentials: session });

    You can either create a issue in the repository of hapi-jwt and ask the author to update the module, or you can try to use an other module like hapi-auth-jwt2 which is compatible with hapi 8.