Merge pull request dwyl#124 from mcortesi/access-token-from-request

Set token in request for access from handler

Author: nelsonic

README.md

@@ -240,6 +240,18 @@ There are _several_ options for generating secret keys.
 The _easist_ way is to simply copy paste a _**strong random string**_ of alpha-numeric characters from https://www.grc.com/passwords.htm
 (_if you want a longer key simply refresh the page and copy-paste multiple random strings_)
 
+## Want to access the JWT token after validation?
+
+[@mcortesi](https://github.com/mcortesi) requested the ability to
+[access the JWT token](https://github.com/dwyl/hapi-auth-jwt2/issues/55) used for authentication.
+
+We added support for that. You can access the extracted JWT token in your handler or any other function
+within the request lifecycle with the `request.auth.token` property.
+
+Take in consideration, that this is the *encoded token*, and it's only useful if you want to use to make
+request to other servers using the user's token. For information inside the token, just use the
+`request.auth.credentials` property.
+
 ## Want to send/store your JWT in a Cookie?
 
 [@benjaminlees](https://github.com/benjaminlees)

lib/index.js

@@ -71,7 +71,8 @@ internals.implementation = function (server, options) {
                 return reply(Boom.unauthorized('Invalid credentials', 'Token'), null, { credentials: credentials || decoded });
               }
               else {
-                return reply.continue({ credentials: credentials || decoded });
+                request.auth.token = token;
+                return reply.continue({ credentials: credentials || decoded, artifacts: token });
               }
             });
           }

package.json

@@ -1,6 +1,6 @@
 {
   "name": "hapi-auth-jwt2",
-  "version": "5.2.0",
+  "version": "5.2.1",
   "description": "Hapi.js Authentication Plugin/Scheme using JSON Web Tokens (JWT)",
   "main": "lib/index.js",
   "repository": {

test/server.js

@@ -29,6 +29,10 @@ var privado = function(req, reply) {
   return reply('worked');
 };
 
+var sendToken = function(req, reply) {
+  return reply(req.auth.token);
+};
+
 server.register(require('../'), function () {
 
   server.auth.strategy('jwt', 'jwt', {
@@ -39,6 +43,7 @@ server.register(require('../'), function () {
 
   server.route([
     { method: 'GET',  path: '/', handler: home, config: { auth: false } },
+    { method: 'GET', path: '/token', handler: sendToken, config: { auth: 'jwt' } },
     { method: 'POST', path: '/privado', handler: privado, config: { auth: 'jwt' } },
     { method: 'POST', path: '/required', handler: privado, config: { auth: { mode: 'required', strategy: 'jwt' } } },
     { method: 'POST', path: '/optional', handler: privado, config: { auth: { mode: 'optional', strategy: 'jwt' } } },

test/test.js

@@ -328,3 +328,20 @@ test("Auth mode 'try' should pass with valid token", function(t) {
     t.end();
   });
 });
+
+test("Scheme should set token in request.auth.token", function(t) {
+  // use the token as the 'authorization' header in requests
+  var token = JWT.sign({ id: 123, "name": "Charlie" }, secret);
+  var options = {
+    method: "GET",
+    url: "/token",
+    headers: { authorization: "Bearer " + token }
+  };
+  // server.inject lets us similate an http request
+  server.inject(options, function(response) {
+    // console.log(" - - - - RESPONSE: ")
+    // console.log(response.result);
+    t.equal(response.result, token, 'Token is accesible from handler');
+    t.end();
+  });
+});