via molekilla/hapi-passport-saml · GitHub.
A Hapi plugin that wraps passport-saml for SAML SSO (as SP)
via Authentication and Authorization with hapi. — Medium.
NodeJS has been my favorite system to work with for the past couple of years. It’s extremely fast, there is an amazing ecosystem of code, developers have found creative ways to solve new and old problems, and the community is very supportive. Every day modules are evolving and new ones are being created.
During the time I have spent with node, my favorite module and web server has become hapi.js. It has really solved a lot of problems in a clean way that other node web servers haven’t done yet, and with a focus on security first. Built into hapi you have access to route validation, api documentation, logging, modularity with a plugin architecture, caching, authentication, and authorization.
via Serving React and Flux with Hapi and Webpack — Medium.
via Implement OAuth into your Express, Koa or Hapi applications using Grant | Scotch.
There are a few things we need to know to be able to use OAuth in our applications.
OAuth is used by web service providers to provide access to user resources in a secure manner. Each developer using this service must create an OAuth application and then require the user to grant access to it.
As a part of the OAuth flow, the user is redirected to the web service’s server, to log in (this step can be omitted if the user has already logged in).
via Express.js vs Sails.js Comparison | Run a Startup.
This is an overview comparing Node.JS frameworks including Express, Sails, HAPI and Lazo.js. Express is clearly the most popular, currently at version 4 at the time of this writing. The next framework gaining popularity is Sails, currently at version 0.10, with 124 code contributors since its inception in 2012. Sails is not an independent framework on its own, because it uses Express for handling HTTP requests. HAPI has 95 code contributors since 2011 but is mainly for building APIs on your server. I am also mentioning Lazo.js because it was developed for SEO-compliant websites, and single-page applications are natively not SEO-friendly.
Express takes the most common tasks for a web server and makes them easier to use with fewer lines of code, wrapping native Node.js functions. Since there are cases where Express doesn’t abstract a needed function or doesn’t conform to some preferred convention, other frameworks take its place. Those other frameworks are not completely independent; therefore, you still have to use Express. Since Express is already widely written about, let’s focus on the other frameworks. The possible main detractions of Express are the lack of database abstraction and real-time socket communication.
via OAuth Integration Using Hapi.
Securing web resources is often a difficult and daunting task. So much so, that it is often left until the last phase of development and then it’s rushed and not done properly. It’s understandable though; security is a very specialized field in development and most people only give it a passing thought – “yeah this should probably be secured…” So then the developers quickly slap together an ad-hoc security method: