dwyl / hapi-auth-jwt2

:lock: Secure Hapi.js authentication plugin using JSON Web Tokens (JWT) in Headers, URL or Cookies
ISC License
798 stars 126 forks source link

Inject and Credientials #292

Open charliewilco opened 5 years ago

charliewilco commented 5 years ago

working writing some unit tests.

the token is a valid token.

trying to authenticate my request like this:

    const response = await server.inject({
      method: "GET",
      url: "/api/posts",
      headers: {
        Authorization: token
      }
    });

and this:

    const response = await server.inject({
      method: "GET",
      url: "/api/posts",
      credentials:  token
    });

both are giving me false positives.

i setup my auth strategy like this

  await server.register(require("hapi-auth-jwt2"));

  server.auth.strategy("jwt", "jwt", {
    key: Config.key,
    validate: validate,
    verifyOptions: {
      algorithms: ["HS256"]
    }
  });

does anyone have any clarity on how i should be using server.inject() with this plugin?

Mohamed-Abbas commented 4 years ago

how did you solve this ?