Sign Up for Free

RunKit +

Try any Node.js package right in your browser

This is a playground to test code. It runs a full Node.js environment and already has all of npm’s 400,000 packages pre-installed, including hapi-auth-opentoken with all npm packages installed. Try it out:

require("hapi/package.json"); // hapi is a peer dependency. var hapiAuthOpentoken = require("hapi-auth-opentoken")

This service is provided by RunKit and is not affiliated with npm, Inc or the package authors.

hapi-auth-opentoken v1.1.0

Opentoken authentication plugin


npm version

Opentoken authentication scheme designed to work with PINGFederate Opentoken endpoints.


const opentoken = {
    register: require('hapi-auth-opentoken'),
    options: {
        password: 'testPassword',
        cipherSuite: 0,
        tokenName: 'opentoken'

server.register([opentoken], (err) => {

    server.auth.strategy('default', 'opentoken', { validateFunc: validate });
    server.route({ method: 'GET', path: '/', config: { auth: 'default' } });

function validate(request, token, callback) {
    // token contains the decrypted saml response
    callback(err, { id: '12345', name: 'Jos Sykes' });


Opentoken takes the following options

  • password - the token decryption shared key (default: null)
  • cipherSuite - the opentoken cipher algorithm used by the server. One of the following [0,1,2,3] (default: 0)
  • tokenName - (required) the name of the parameter in the POST request body to parse the token from
  • tokenTolerance - The amount of time (in seconds) to allow for clock skew between servers in seconds (default: 120)
  • tokenLifetime - The duration (in seconds) for which the token is valid. (default: 300)
  • tokenRenewal - The amount of time (in seconds) the token will renew itself for. (default: 12hrs)


The validation function has a signature of validate(request, token, callback) where

  • request - the hapi.js request object
  • token - the decrypted opentoken saml information
  • callback - a callback function taking the following parameters
    • err - An optional error message which gets logged to stdout, null if no error
    • user - the user information to attach to request.auth.credentials in downstream methods
RunKit is a free, in-browser JavaScript dev environment for prototyping Node.js code, with every npm package installed. Sign up to share your code.
Sign Up for Free