hapi-auth-any

2.0.0 verified Sat Apr 25 auth: no javascript

A hapi.js plugin that combines multiple authentication strategies (including those based on the same scheme) and succeeds if any one of them passes. v2.0.0 requires Node >=18 and @hapi/hapi 21.x. Unlike hapi's built-in strategy mode, which only works with different schemes, this allows combining strategies of the same scheme (e.g., multiple Basic auth strategies). Only returns credentials from the first passing strategy. Throws an AggregateError on failure, preserving individual errors.

Common errors

error Error: hapi-auth-any: strategies option must be an array of strings ↓

cause The strategies option passed to server.auth.strategy is missing, not an array, or contains non-string items.

fix

Ensure server.auth.strategy('any', 'any', { strategies: ['strategy1', 'strategy2'] });

error TypeError: Cannot read properties of undefined (reading 'credentials') ↓

cause The route's auth mode is set to 'any' but none of the combined strategies succeeded, so request.auth.credentials is undefined.

fix

Check that at least one strategy can authenticate the request, or handle missing credentials in the handler.

error AssertionError: Unsupported authentication strategy 'any' ↓

cause The 'any' strategy was not registered via server.auth.strategy before it was used in a route.

fix

First register the combined strategy: server.auth.strategy('any', 'any', { strategies: [...] });

error Error: hapi-auth-any requires @hapi/hapi 21.x ↓

cause Using an older version of @hapi/hapi with hapi-auth-any v2.

fix

Upgrade @hapi/hapi to version 21.x.

Warnings

breaking v2.0.0 drops support for Node.js 14 and 16. Requires Node >=18. ↓

fix Upgrade Node.js to 18 or later.

breaking v2.0.0 drops support for Hapi 19 and 20. Requires @hapi/hapi 21.x. ↓

fix Upgrade @hapi/hapi to 21.x.

breaking v2.0.0 throws a native AggregateError instead of third-party one. The errors property is now an array, not iterable. ↓

fix Access individual errors via err.errors instead of iterating the AggregateError itself.

deprecated v1.0.0 drops support for Node 8. Requires Node >=10. ↓

fix Use Node 10 or later; for Node >=18, use v2.

Install

npm install hapi-auth-any

yarn add hapi-auth-any

pnpm add hapi-auth-any

Imports

default

wrong

const authAny = require('hapi-auth-any')

correct

import authAny from 'hapi-auth-any'

ESM-only since v2 (Node >=18). Use import syntax.

default
```
const authAny = require('hapi-auth-any')
```
CommonJS require works only in v1.x. For v2.x, use ESM import.
plugin
wrong
```
server.register({ plugin: authAny, options: {} })
```
correct
```
await server.register(authAny)
```
The plugin is the default export. Options are passed to server.auth.strategy, not to register.

Quickstart

Registers hapi-auth-any with two Basic strategies and authenticates a route if either succeeds.

import Hapi from '@hapi/hapi';
import authAny from 'hapi-auth-any';
import Basic from '@hapi/basic';

const server = Hapi.server({ port: 8080 });

await server.register([authAny, Basic]);

server.auth.strategy('simple', 'basic', {
  validate: (request, username, password) => {
    return { isValid: username === 'admin' && password === 'secret', credentials: { user: username } };
  }
});

server.auth.strategy('team', 'basic', {
  validate: (request, username, password) => {
    return { isValid: username === 'team' && password === 'pass', credentials: { user: username } };
  }
});

server.auth.strategy('any', 'any', {
  strategies: ['simple', 'team']
});

server.route({
  method: 'GET',
  path: '/',
  options: { auth: 'any' },
  handler: (request, h) => {
    return `Authenticated as ${request.auth.credentials.user}`;
  }
});

await server.start();
console.log('Server running on %s', server.info.uri);