The hapi.js documentation is not especially (plete) beginner-friendly1 ...
What is the distinction between a Server Auth Scheme and Strategy?
Do we need to have both?
1If someone can explain the difference we will PR into the docs.
Also posted on:
The hapi.js documentation is not especially (plete) beginner-friendly1 ...
What is the distinction between a Server Auth Scheme and Strategy?
Do we need to have both?
1If someone can explain the difference we will PR into the docs.
Also posted on: https://github./hapijs/discuss/issues/163
Share Improve this question edited Sep 15, 2015 at 11:01 Matt Harrison 13.6k7 gold badges51 silver badges68 bronze badges asked Sep 15, 2015 at 10:32 nelsonicnelsonic 33.2k21 gold badges95 silver badges124 bronze badges1 Answer
Reset to default 14Yes, you need both. They're different things entirely. They're explained here: http://hapijs./tutorials/auth. But let me rehash that differently:
SCHEMES
A scheme is a general type of authentication. Basic authentication and Digest authentication are different types of authentication, and in hapi each would be a different scheme. You can think of a scheme as a template for authentication. A scheme isn’t used directly to authenticate users, instead you create a specific strategy from the scheme.
STRATEGIES
A strategy is a configured instance of a scheme with an assigned name. Strategies exist so you can use the same scheme several times, in a slightly different way. For instance, might decide to you want use basic authentication in your app. For some routes you might wish to validate a user’s passwords against a value in a database and for some other routes, you might wish to check the password against a value stored in a text file. In this case you can create 2 different strategies from the scheme. The scheme to strategy relationship is described visually below:
Most applications will create new strategies from pre-existing schemes that have been released as plugins (i.e. hapi-auth-basic).