O'Reilly logo

Getting Started with hapi.js by John Brett

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Authorization

While authentication is a process of verifying the identity of a user, authorization is the process of verifying whether they have the permission to access a resource.

Fortunately, hapi has core support for authorization through scopes that allow us to effectively assign a role to a client when we authenticate them, which may be something such as user or admin.

We can then easily specify what roles are authorized to access a route in our route configuration object through the scope property, by passing a string or array of strings. Let's take a look at what a sample application using scopes would look like:

const Hapi = require('hapi'); const Basic = require('hapi-auth-basic'); const server = new Hapi.Server(); server.connection({ port: ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required