Allow additional strategies to authenticate if no token is found #104
Labels
Comments
martinj
added a commit
to martinj/hapi-auth-jwt2
that referenced
this issue
Sep 15, 2015
…#104. Require Bearer to be present in authorisation header.
|
@martinj we absolutely do want to allow/encourage additional strategies, |
|
In my case i was using hapi-auth-bearer-token with a different tokenType. |
|
Out of curiosity what is the other type of Token? |
|
Its an option to hapi-auth-bearer to set a specific scheme in authorization header. |
|
@martinj are you referring to this project: https://www.npmjs.com/package/hapi-auth-bearer ? |
|
No, this project https://github.com/johnbrett/hapi-auth-bearer-token |
|
Oh. Right. 👍 |
nelsonic
added a commit
that referenced
this issue
Oct 9, 2015
Allow additional strategies to authenticate if no token is found #104.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
If no token is found please return an empty error with scheme name to allow aditional strategies to be tried. e.g
return reply(Boom.unauthorized(null, 'Token'))From hapi documentation http://hapijs.com/api#serverauthschemename-scheme:
If the err returned by the reply() method includes a message, no additional strategies will be attempted. If the err does not include a message but does include a scheme name (e.g. Boom.unauthorized(null, 'Custom')), additional strategies will be attempted in order of preference.Due to changes in #6 the side effect are that you can't use this with additional strategies that allows for other auth scheme in authorization header, so i would like to se that reverted. Scheme name should be present in the authorization header according to rfc http://www.ietf.org/rfc/rfc2617.txt
The text was updated successfully, but these errors were encountered: