hapijs / cookie

Cookie authentication plugin

protecting browser paths endpoints and rest endpoints nicely ? #165

Closed walshe closed 7 years ago

walshe commented 7 years ago

Hi, so I got a Google auth login button on my hapi+react app. When Google returns a JWT to my frontend I send the JWT back to my server to verify it. I then use hapi's setState to set the cookie in the client in the reply:

reply(...).state(Config.get('/cookieName'), request.query.token);

After this, the hapi-auth-cookie plugin works nicely to check the JWT in every subsequent request (app browser page requests and app REST requests).

However I have one issue, and that's when for example I do the following:

  1. I manually delete the cookie from the client browser
  2. the app tries to make a rest request to a protected endpoint

The endpoint does a 302 and a redirect rather than a 401, so my REST consumer gets back the 'redirectTo' url which is a bunch of thus causing my REST parsing to completely balls up. What's the best way to handle this?

walshe commented 7 years ago

realized this is how to do it..

    config: {
        auth: {
            strategy: 'session'
        },
        plugins: {
            'hapi-auth-cookie': {
                redirectTo: false
            }
        }
    },
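
The per-route override above is easy to forget on a new endpoint, so it helps to check the whole route table. This is an added example, not code from the thread or from hapi-auth-cookie: a dependency-free model of the behaviour described here (302 while `redirectTo` is set, 401 once the route sets it to `false`). The paths `/dashboard`, `/api/items`, `/login` and all helper names are assumptions.

```javascript
// Strategy-level default (constructed); other strategy options omitted.
const strategyOptions = {
    redirectTo: '/login'   // browser pages bounce to the login page
};

// Constructed route table in the same shape as the config in the thread.
const routes = [
    // Browser page: inherits the strategy default.
    { method: 'GET', path: '/dashboard',
      config: { auth: { strategy: 'session' } } },
    // REST endpoint: per-route override, as in the comment above.
    { method: 'GET', path: '/api/items',
      config: { auth: { strategy: 'session' },
                plugins: { 'hapi-auth-cookie': { redirectTo: false } } } }
];

// A route-level setting wins when defined; otherwise the strategy's applies.
function effectiveRedirectTo(route, options) {
    const plugins = (route.config && route.config.plugins) || {};
    const override = (plugins['hapi-auth-cookie'] || {}).redirectTo;
    return override !== undefined ? override : options.redirectTo;
}

// What a client without a valid session cookie receives for a path.
function unauthenticatedResponse(path) {
    const route = routes.find((r) => r.path === path);
    if (!route) {
        return { statusCode: 404 };
    }
    const target = effectiveRedirectTo(route, strategyOptions);
    if (target) {
        return { statusCode: 302, headers: { location: target } };
    }
    return { statusCode: 401 };
}

// Guard for a test suite: lists /api routes that would still answer an
// unauthenticated request with the HTML login redirect instead of a 401.
function apiRoutesThatRedirect(table, options) {
    return table
        .filter((r) => r.path.startsWith('/api/'))
        .filter((r) => Boolean(effectiveRedirectTo(r, options)))
        .map((r) => r.path);
}

console.log(unauthenticatedResponse('/dashboard'));
console.log(unauthenticatedResponse('/api/items'));
console.log(apiRoutesThatRedirect(routes, strategyOptions));
```
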