validation function Do not execute

[shanpeng238]

const Hapi = require('hapi');

const people = { // our "users database"
1: {
id: 1,
name: 'Jen Jones'
}
};

// bring your own validation function
const validate = async function (decoded, request, h) {

console.log("Test validate");

// do your checks to see if the person is valid
if (!people[decoded.id]) {
  return { valid: false };
}
else {
  return { valid: true };
}

};

const init = async () => {
const server = new Hapi.Server({ port: 8000 });
// include our module here ↓↓
await server.register(require('../lib'));
server.auth.strategy('jwt', 'jwt',
{ key: 'NeverShareYourSecret', // Never Share your secret key
validate // validate function defined above
});

server.auth.default('jwt');

server.route([
{
method: "GET", path: "/", config: { auth: false },
handler: function(request, h) {
return {text: 'Token not required'};
}
},
{
method: 'GET', path: '/restricted', config: { auth: 'jwt' },
handler: function(request, h) {
const response = h.response({text: 'You used a Token!'});
response.header("Authorization", request.headers.authorization);
return response;
}
}
]);
await server.start();
return server;
}
init().then(server => {
console.log('Server running at:', server.info.uri);
})
.catch(err => {
console.log(err);
});

I want to test ‘’validation function”，but validation function Do not execute。

[jeremyrajan]

I get the same issue as well... I cant get validate function to fire. Any idea? I am using the latest version of Hapi and hapi-auth-jwt2.

Any help will be highly appreciated!

Thank you!

[fauzanss]

check your secret key, i have same issue, try with put secret key directly. not with environment variable.

this._server.auth.strategy('jwt', 'jwt', {
        key: 'JAFNDKSAJDIJOKJASNDJSAHD37948UEJNQIR73112IJEINJKQNIUWQYD8H3DNEKJWQNBDIDYH8QIDNIJWQK', 
        validate: validate, // validate function defined above
        verifyOptions: { algorithm : 'HS256' } // pick a strong algorithm
      });

[jeremyrajan]

@Faustrata yes I have done that from the beginning. It does not fire the function at all,

server.auth.strategy('jwt', 'jwt', {
      key: 'JAFNDKSAJDIJOKJASNDJSAHD37948UEJNQIR73112IJEINJKQNIUWQYD8H3DNEKJWQNBDIDYH8QIDNIJWQK', 
      validate: validate, // validate function defined above
      verifyOptions: { algorithm : 'HS256' } // pick a strong algorithm
    });

I am quite confused 😕. Whats the version of Hapi & the jwt lib you are using?

[jeremyrajan]

Ok, I think the reason why the validate function was not getting called was because the secret keys didnt match (in my case). Once I made sure that the secret key with what you sign the token vs the one that you pass when setting up the strategy is same, then all should work.

But one thing, I noticed is that only when the validation passes then validate function is called. If the key's dont match (or anything else which doesnt pass validation at key level) then you don't get to the validate function, hence the confusion. Probably needs more documenting @nelsonic :)

Thanks for the great lib 👍 !

[tindecken]

I meet the same issue, I put secret directly in the code but the validate function is not called.