How to chain multiple jwt auth strategies

This isn’t an issue per se, but I’m struggling like mad to find a solution. I have two types of clients that each have their own signing key. I need to try two jwt strategies in a row; if either of them match, the client should be authenticated.

However, this is not how Hapi’s auth system works. If the first strategy fails to decode the token, it stops the chain and the second strategy is never called. I looked at #120 and #130 as they seemed similar, but I wasn’t able to find a way to use verifyFunc to achieve the desired behavior.

Basically, I need the first strategy to act like “try” and the second act like “required” but I can’t figure out how to achieve this. Any ideas would be most appreciated! Sorry if this isn’t exactly the right forum for the question, but seems someone must have encountered this use case before…

Issue Analytics

  • State: closed
  • Created 7 years ago
  • Reactions: 1
  • Comments: 11 (3 by maintainers)

Top GitHub Comments

3 reactions
jschr commented, Sep 9, 2016

@Jiropole Started looking for similar solution today so you’ve already helped at least one person. Thanks 👍

3 reactions
Jiropole commented, Sep 9, 2016

Sorry, this version’s easier on the eyes:

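    // Assumed setup, not shown in the comment: JWT is the jsonwebtoken module and
    // keysByAudience is a plain object mapping each client's `aud` claim to its signing key.
    const JWT = require('jsonwebtoken');

    server.auth.strategy('token', 'jwt', 'required', {
        // `decoded` has not been verified yet, so `aud` is only a hint for which key to try.
        verifyFunc: function (decoded, request, callback) {
            // Own-property lookup so a claim such as "constructor" cannot match Object.prototype.
            const known = Object.prototype.hasOwnProperty.call(keysByAudience, decoded.aud);
            const key = known ? keysByAudience[decoded.aud] : null;
            if (!key) {
                return callback(null, false);
            }

            // Verify the signature with the selected key, pinning the algorithm.
            JWT.verify(request.auth.token, key, { algorithms: ['HS256'] }, (err, verified) => {
                if (err || !verified) {
                    return callback(err, false);
                }
                return callback(null, true, verified);
            });
        }
    });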
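
The key-selection approach from the comment above, written out as an added example that is not part of the original thread or of any library's code: it uses only Node's built-in `crypto` module so the checks are visible, and it covers the cases a reviewer would test (token signed with the other client's key, unknown audience, wrong algorithm, expired token). The helper names `sign` and `verifyByAudience`, the audience names and the secrets are constructed for illustration.

```javascript
const crypto = require('crypto');

// Constructed sample keys, standing in for the thread's `keysByAudience`.
// A Map is used so claim values like "constructor" cannot hit Object.prototype.
const keysByAudience = new Map([
  ['web-client', 'constructed-web-secret'],
  ['mobile-client', 'constructed-mobile-secret'],
]);

const b64url = (buf) => Buffer.from(buf).toString('base64url');
const hmac = (key, data) => crypto.createHmac('sha256', key).update(data).digest();

// Helper for building constructed HS256 tokens to feed the verifier.
function sign(payload, key) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  return `${head}.${body}.${b64url(hmac(key, `${head}.${body}`))}`;
}

// Returns the verified claims, or null if the token must be rejected.
function verifyByAudience(token, keys = keysByAudience) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url').toString('utf8'));
    claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
  } catch (e) {
    return null;
  }
  // Pin the algorithm: never let the token choose it.
  if (!header || header.alg !== 'HS256') return null;
  // `aud` is still unverified here; it only selects which key to try.
  if (!claims || typeof claims.aud !== 'string' || !keys.has(claims.aud)) return null;
  const expected = hmac(keys.get(claims.aud), `${parts[0]}.${parts[1]}`);
  const given = Buffer.from(parts[2], 'base64url');
  // Constant-time comparison of the signature bytes.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  // Expiry (seconds since epoch) is checked only after the signature holds.
  if (typeof claims.exp === 'number' && claims.exp <= Date.now() / 1000) return null;
  return claims;
}
```

Because the signature is checked with the key belonging to the claimed audience, a token can only pass for the client whose key signed it.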