3.0.1 • Published 9 years ago

hapi-access-token v3.0.1


hapi-access-token

hapi-access-token is a third-party login plugin for hapi. hapi-access-token comes with default support for Facebook. This was built with mobile apps in mind: mobile apps generally authenticate themselves with the installed app, and they simply receive an access token for future requests on the user's behalf.


Usage

Add a login endpoint and set it to use the hapi-access-token authentication strategy.

hapi-access-token does not maintain a session. Once the handler is called, the application must set up its own session management.

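var Hapi = require('hapi');
var Boom = require('boom');
var server = new Hapi.Server(8000);

// Register hapi-access-token with the server
server.register(require('hapi-access-token'), function (err) {

    // Fail fast: if the plugin did not register, the 'access-token' scheme
    // used below is not available and the login route must not be exposed.
    if (err) {
        throw err;
    }

    // Declare an authentication strategy using the hapi-access-token scheme
    server.auth.strategy('facebook-access-token', 'access-token', {
        // The query parameter key the access token is sent in. A token in the
        // query string ends up in URLs, so serve this route over TLS only and
        // keep query strings out of access logs.
        accessTokenKeyName: 'access_token',
        profileUrl: 'https://graph.facebook.com/me?access_token=', // The url to get the user's profile
        // Extracts the user profile from the provider response and sets it as
        // the request's credentials.
        //
        // NOTE(review): a successful profile fetch shows the token is valid at
        // the provider, not that it was issued to THIS application. Before
        // profile.id is trusted for login, the token's audience should be
        // checked (for Facebook, the Graph API debug_token endpoint reports
        // the app a token belongs to). Nothing in this example does that.
        validateFunc: function(payload, accessToken, reply) {
            try {
                var profile = JSON.parse(payload);

                // A response without a user id is not a profile (for example
                // an error object from the provider); never build credentials
                // from it.
                // NOTE(review): whether the plugin calls validateFunc for
                // non-2xx provider responses is not visible here; confirm.
                if (!profile || !profile.id) {
                    return reply(Boom.unauthorized('Profile response did not contain a user id'));
                }

                var credentials = {};
                credentials.token = accessToken;
                credentials.profile = {
                    id: profile.id,
                    username: profile.username,
                    displayName: profile.name,
                    name: {
                        first: profile.first_name,
                        last: profile.last_name,
                        middle: profile.middle_name
                    },
                    email: profile.email,
                    raw: profile
                };

                return reply.continue(null, {credentials: credentials});
            } catch(err) {
                // Unparseable payloads are treated as a failed authentication.
                return reply(Boom.unauthorized(err.toString()));
            }
        }
    });

    server.route({
        method: ['GET'],
        path: '/login',   // The endpoint the client calls with ?access_token=<token>
        config: {
            auth: 'facebook-access-token',
            handler: function (request, reply) {

                // Perform any account lookup or registration, setup local session,
                // and redirect to the application. The credentials built by
                // validateFunc above (token and profile) are stored in
                // request.auth.credentials.
                // NOTE(review): the original example also referred to
                // request.auth.credentials.query; validateFunc does not set it,
                // so confirm against the plugin before relying on it.
                return reply.redirect('/home');
            }
        }
    });

    server.start();
});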

Options

The server.auth.strategy() method requires the following strategy options:

  • accessTokenKeyName - The query parameter key you'll be specifying the access token in.
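  • profileUrl - The URL the user's profile is fetched from. In the example above it ends with `access_token=`, which suggests the plugin appends the access token to it.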
  • validateFunc - The function which will parse out the user's profile with the parameters:
    • payload - The response payload from the profileUrl
    • accessToken - The original access token used for this request
    • reply - A Hapi authorization callback with any errors as the first parameter and the request.auth object as the second parameter