hapi-auth-whodat

Release 1.1.1

Hapi authentication plugin that uses 3rd-party authoritative source.

Homepage npm JavaScript Download

Keywords
auth, hapi, basicauth
License
MIT
Install
npm install hapi-auth-whodat@1.1.1

Documentation

WhoDat Auth Plugin for Hapi

npm version Build Status Coverage Status

A BasicAuth plugin that checks credentials with an external authority. Works with Hapi version 8 or later.

npm install --save hapi-auth-whodat
var Hapi = require('hapi');

var server = new Hapi.Server();
server.connection({
  host: 'localhost',
  port: 8000
});

server.register(require('../'), function(err) {
  server.auth.strategy('default', 'whodat', true, {
    url: 'https://auth.app.com/credentials',
    auth: {
      username: 'internal',
      password: 'secret'
    }
  });

  server.start();
});

The above will attempt to authenticate each route by calling the given URL with the users's credentials. For instance, if a user with username john and password shhhhh requests a route in this server, the url https://auth.app.com/credentials?username=john&password=shhhhh will be called via HTTP GET. If the credentials are valid, the external authority should respond with:

{
  "credentials" : {
    "authenticated": true
  }
}

Whatever is returned in the credentials object (in addition to the username set as id) will be set in the req.auth.credentials object accessible from the route.

Plugin Options

The following options are available when registering the plugin:

  • 'url' (required) - the URL to call for authentication.
  • 'method' - the HTTP method to use. Defaults to "GET".
  • 'auth' - authentication object that will be included with the request to the external authority. This authenticates the server with the external authority. Can be an object including username and password or null to not authenticate the request. Defaults to "credentials".
  • 'objectName' - (when using the POST method) the name of the object to be sent to the external authority. Can be a string or null to put the properties at the root level. Defaults to "credentials".
  • 'responseObjectName' - the name of the object that will be returned by the external authority. Defaults to "credentials".
  • 'otherData' - static object to be merged with the credentials object being sent. Defaults to null.
  • 'usernameProperty' , 'passwordProperty' - names of the username and password properties sent to the server. Defaults to "username" and "password".

Stats

Dependencies
6
Dependent packages
5
Dependent repositories
0
Total releases
11
Latest release
First release
Stars
0
Forks
1
Watchers
13
Contributors
2
Repository size
64.5 KB
SourceRank
9

Development practices

Source repo 2FA enabled
TEXT!
Package manager 2FA enabled
TEXT!
Is security responsive
TEXT!
Dependencies are managed
TEXT!
Issue-free release available
TEXT!
Succession plan available
TEXT!
Package manager 2FA enabled
TEXT!

The Tidelift Subscription provides access to a continuously curated stream of human-researched and maintainer-verified data on open source packages and their licenses, releases, vulnerabilities, and development practices.

Learn more

Releases

2.0.0
1.2.0
1.1.1
1.1.0
1.0.0
0.2.0
0.1.5
0.1.4
0.1.3
0.1.2
See all 11 releases

Contributors

Kyle Turney Powell Kinney


See all contributors

Something wrong with this page? Make a suggestion

Export .ABOUT file for this package

Last synced: 2022-06-18 19:04:12 UTC

Login to resync this project