
scope based validation #359

Open
tcurdt opened this issue Mar 19, 2021 · 3 comments

Comments

@tcurdt

tcurdt commented Mar 19, 2021

I cannot seem to find any information in the docs on having different validations per scope.

options: {
    auth: {
        scope: ['user', 'admin']
    },
    validate: {
        // for scope user
        // for scope admin
    }
}

Feels like this should be a common requirement.
Is this possible?

@nelsonic
Member

Hi @tcurdt, thanks for opening this issue. Indeed the docs are short on the scope use case but it's definitely possible to do what you have in mind.

https://github.com/dwyl/hapi-auth-jwt2/search?q=scope

The test:

test("Access restricted content using scopes (with VALID Token and VALID scope)", async function(t) {
  // use the token as the 'authorization' header in requests
  const token = JWT.sign({ id: 123, "name": "Charlie" }, secret);
  const options = {
    method: "POST",
    url: "/privado-with-scope",
    headers: { authorization: "Bearer " + token }
  };
  // server.inject lets us simulate an http request
  const response = await server.inject(options);
  // console.log(" - - - - RESPONSE: ");
  // console.log(response.result);
  t.equal(response.statusCode, 200, "VALID Token should succeed!");
  t.end();
});

Sample server config:

server.route([
  { method: 'GET', path: '/', handler: home, config: { auth: false } },
  { method: 'POST', path: '/privado-with-scope', handler: privado, config: { auth: { strategy: 'jwt', scope: [ 'Admin' ] } } }
]);

Hope that's helpful. 💭

If you would like to create a Pull Request updating the docs once you have your code working, please do. 👍

@tcurdt
Author

tcurdt commented Mar 19, 2021

@nelsonic thanks for all the links. I guess I wasn't quite clear in my question. I was talking about the validation with joi. It was more about accessing the scope from within the joi schema - or switching them. But I've made some progress.

I was trying to get something along the lines of this working:

options: {
    auth: {
        scope: ['user', 'admin']
    },
    validate: Joi.alternatives()
        .when(Joi.ref('$app.credentials.scope'), {
            is: Joi.string().equal('user'),
            then: Joi.object({...})
        })
        .when(Joi.ref('$app.credentials.scope'), {
            is: Joi.string().equal('admin'),
            then: Joi.object({...})
        })
}

Given that the scope is available inside the context and can be referenced, this has probably become more of a joi question. But it feels like this should be a common problem and deserves some docs.

Happy to help with the docs once I get it all working.
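An added worked example (not code from this issue or from hapi-auth-jwt2) covering both the route config above and the per-scope validation asked about here. hapi also accepts a plain function for `validate.payload`, called as `async (value, options)` with `options.context.auth` holding `request.auth`, so the `credentials.scope` array that the JWT strategy's `validate` function returned can pick the schema. The two schemas below are hand-rolled stand-ins that expose Joi's `validateAsync(value)` shape so the file runs with no npm modules; in a real route they would be `Joi.object({...})` schemas. The most privileged scope the caller actually holds decides, and a caller whose scope matches no schema is rejected rather than falling through to a permissive default.

```javascript
'use strict';

// Stand-in schema with Joi's validateAsync(value) shape (constructed for this
// example; replace with Joi.object({...}) in a real hapi route).
function objectSchema(fields) {
  return {
    async validateAsync(value) {
      if (value === null || typeof value !== 'object' || Array.isArray(value)) {
        throw new Error('payload must be an object');
      }
      for (const [key, type] of Object.entries(fields)) {
        if (typeof value[key] !== type) throw new Error(`"${key}" must be a ${type}`);
      }
      for (const key of Object.keys(value)) {
        if (!(key in fields)) throw new Error(`"${key}" is not allowed`);
      }
      return value;
    }
  };
}

// Per-scope schemas (constructed): a plain user may only change their own
// display name, an admin may additionally pick a target account and a role.
const schemasByScope = {
  user: objectSchema({ name: 'string' }),
  admin: objectSchema({ name: 'string', targetId: 'number', role: 'string' })
};

// credentials.scope is whatever the JWT strategy's validate function returned;
// hapi allows it to be a string or an array, so normalise to an array.
// Highest privilege first: a token carrying both scopes gets the admin schema.
function selectSchema(credentials) {
  const raw = credentials ? credentials.scope : undefined;
  const scopes = Array.isArray(raw) ? raw : [raw];
  for (const name of ['admin', 'user']) {
    if (scopes.includes(name)) return schemasByScope[name];
  }
  return null; // no schema for this caller: fail closed
}

// Function-form hapi validator for route options.validate.payload.
// hapi answers 400 when this throws, so an unknown scope never reaches the handler.
async function validatePayloadByScope(value, options) {
  const schema = selectSchema(options.context.auth.credentials);
  if (!schema) throw new Error("no payload schema for the caller's scope");
  return schema.validateAsync(value);
}

// Route definition (hypothetical), mirroring the scope-restricted route in the thread.
const route = {
  method: 'POST',
  path: '/privado-with-scope',
  options: {
    auth: { strategy: 'jwt', scope: ['user', 'admin'] },
    validate: { payload: validatePayloadByScope },
    handler: (request) => ({ updated: request.payload })
  }
};

// Simulate the options object hapi would pass for a token with the given scope
// (constructed input; in production hapi builds this from request.auth).
async function simulate(scope, payload) {
  const options = { context: { auth: { credentials: { id: 123, scope } } } };
  try {
    return { ok: true, value: await validatePayloadByScope(payload, options) };
  } catch (err) {
    return { ok: false, error: err.message };
  }
}

module.exports = { objectSchema, schemasByScope, selectSchema, validatePayloadByScope, route, simulate };

// Usage: a user token sending an admin-only field is rejected, an admin token is not.
simulate(['user'], { name: 'Bob', targetId: 5 }).then((r) => console.log('user:', r));
simulate(['user', 'admin'], { name: 'Bob', targetId: 5, role: 'staff' }).then((r) => console.log('admin:', r));
```

With a real Joi schema per scope the `objectSchema` helper disappears and `schemasByScope` holds `Joi.object({...})` values; `selectSchema` and `validatePayloadByScope` stay as they are.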

@nelsonic
Member

Ah, that makes sense. Yeah, that's definitely more of a Joi thing but worth adding to the docs as a good use-case. 👍
