While authentication is a process of verifying the identity of a user, authorization is the process of verifying whether they have the permission to access a resource.
Fortunately, hapi has core support for authorization through scopes, which let us effectively assign a role, such as user or admin, to a client when we authenticate them.
We can then easily specify which roles are authorized to access a route through the scope property of our route configuration object, by passing a string or an array of strings. Let's take a look at what a sample application using scopes would look like:
const Hapi = require('hapi');
const Basic = require('hapi-auth-basic');
const server = new Hapi.Server();
server.connection({ port: 1337 });
server.register([ Basic ], (err) => {
  // handle err logic
  const basicConfig = {
    validateFunc: function (request, username, password, callback) {
      if (username === 'admin1' && password === 'password') {
        ...
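
A simplified, framework-free model of the scope check described above, added here as an illustration; it is not code from the original text or from hapi itself. The users, the route table and the helper names (`validate`, `authorize`, `unscopedRoutes`) are constructed, and the model covers only a scope given as a string or an array of strings, where any one match grants access.

```javascript
'use strict';

// Constructed users; validate() plays the part of validateFunc and returns the
// credentials whose `scope` carries the client's role(s). Sample passwords are
// plain strings only to keep the example short.
const users = new Map([
    ['admin1', { password: 'password', scope: ['admin', 'user'] }],
    ['user1', { password: 'password', scope: 'user' }]
]);

const validate = (username, password) => {
    const user = users.get(username);
    if (!user || user.password !== password) {
        return null;                          // authentication failed
    }
    return { name: username, scope: user.scope };
};

// Constructed route table in the shape of hapi route configuration objects.
const routes = [
    { method: 'GET', path: '/profile', config: { auth: { scope: ['user', 'admin'] } } },
    { method: 'GET', path: '/admin', config: { auth: { scope: 'admin' } } },
    { method: 'GET', path: '/reports', config: { auth: {} } }   // no scope set
];

// Scope may be a string or an array of strings; normalise to an array.
const toArray = (value) => (value === undefined ? [] : [].concat(value));

// 401: no valid credentials. 403: authenticated but no scope matches. 200: allowed.
const authorize = (route, credentials) => {
    if (!credentials) {
        return 401;
    }
    const required = toArray(route.config.auth.scope);
    if (required.length === 0) {
        return 200;                           // no scope declared: any authenticated client
    }
    const held = toArray(credentials.scope);
    return required.some((scope) => held.includes(scope)) ? 200 : 403;
};

// Review helper: authenticated routes that never declare a scope.
const unscopedRoutes = (table) =>
    table.filter((r) => toArray(r.config.auth.scope).length === 0).map((r) => r.path);
```

Running `unscopedRoutes` over a route table is a quick way to spot routes that authenticate clients but place no role restriction on them.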