Sign Up for Free

RunKit +

Try any Node.js package right in your browser

This is a playground to test code. It runs a full Node.js environment and already has all of npm’s 400,000 packages pre-installed, including hapi-auth-hawk with all npm packages installed. Try it out:

require("hapi/package.json"); // hapi is a peer dependency. var hapiAuthHawk = require("hapi-auth-hawk")

This service is provided by RunKit and is not affiliated with npm, Inc or the package authors.

hapi-auth-hawk v4.0.1

Hawk authentication plugin

hapi-auth-hawk

hapi Hawk authentication plugin

Build Status

Lead Maintainer: Eran Hammer

Hawk authentication

Hawk authentication provides a holder-of-key authentication scheme. The scheme supports payload authentication. The scheme requires the following options:

  • getCredentialsFunc - credential lookup function with the signature [async] function(id) where:
    • id - the Hawk credentials identifier.
    • throws an internal error.
    • returns { credentials } object where:
      • credentials a credentials object passed back to the application in request.auth.credentials. Set to be null or undefined to indicate unknown credentials (which is not considered an error state).
  • hawk - optional protocol options passed to Hawk.server.authenticate().
const Hapi = require('hapi');

const credentials = {
    d74s3nz2873n: {
        key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',
        algorithm: 'sha256'
    }
};

const getCredentialsFunc = function (id) {

    return credentials[id];
};

const start = async () => {

    const server = Hapi.server({ port: 4000 });

    await server.register(require('hapi-auth-hawk'));

    server.auth.strategy('default', 'hawk', { getCredentialsFunc });
    server.auth.default('default');

    server.route({
        method: 'GET',
        path: '/',
        handler: function (request, h) {

            return 'welcome';
        }
    });

    await server.start();

    console.log('Server started listening on %s', server.info.uri);
};

start();

// Ensure process exits on unhandled rejection

process.on('unhandledRejection', (err) => {

    throw err;
});

Bewit authentication

Bewit authentication provides a short-term access to a protected resource by including a token (bewit) in the request query, issued by an authorized party. Bewit is a subset of the Hawk protocol. The scheme can only be used with 'GET' requests and requires the following options:

  • getCredentialsFunc - credential lookup function with the signature async function(id) where:
    • id - the Hawk credentials identifier.
    • throws an internal error.
    • returns { credentials } object where:
      • credentials a credentials object passed back to the application in request.auth.credentials. Set to be null or undefined to indicate unknown credentials (which is not considered an error state).
  • hawk - optional protocol options passed to Hawk.server.authenticateBewit().
const Hapi = require('hapi');

const credentials = {
    d74s3nz2873n: {
        key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',
        algorithm: 'sha256'
    }
};

const getCredentialsFunc = function (id) {

    return credentials[id];
};

const start = async () => {

    const server = Hapi.server({ port: 4000 });

    await server.register(require('.'));

    server.auth.strategy('default', 'bewit', { getCredentialsFunc });
    server.auth.default('default');

    server.route({
        method: 'GET',
        path: '/',
        handler: function (request, h) {

            return 'welcome';
        }
    });

    await server.start();

    console.log('Server started listening on %s', server.info.uri);
};

start();

// Ensure process exits on unhandled rejection

process.on('unhandledRejection', (err) => {

    throw err;
});

To send an authenticated Bewit request, the URI must contain the 'bewit' query parameter which can be generated using the Hawk module:

const Hawk = require('hawk');

const credentials = {
    id: 'd74s3nz2873n',
    key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',
    algorithm: 'sha256'
};

let uri = 'http://example.com:8080/endpoint';
const bewit = Hawk.client.getBewit(uri, { credentials: credentials, ttlSec: 60 });
uri += '?bewit=' + bewit;

Metadata

RunKit is a free, in-browser JavaScript dev environment for prototyping Node.js code, with every npm package installed. Sign up to share your code.
Sign Up for Free