Skip to content

Bearer Auth Middleware

The Bearer Auth Middleware provides authentication by verifying an API token in the Request header. The HTTP clients accessing the endpoint will add the Authorization header with Bearer {token} as the header value.

Using curl from the terminal, it would look like this:

curl -H 'Authorization: Bearer honoiscool' http://localhost:8787/auth/page
curl -H 'Authorization: Bearer honoiscool' http://localhost:8787/auth/page

Import

ts
import { Hono } from 'hono'
import { bearerAuth } from 'hono/bearer-auth'
import { Hono } from 'hono'
import { bearerAuth } from 'hono/bearer-auth'
ts
import { Hono } from 'https://deno.land/x/hono/mod.ts'
import { bearerAuth } from 'https://deno.land/x/hono/middleware.ts'
import { Hono } from 'https://deno.land/x/hono/mod.ts'
import { bearerAuth } from 'https://deno.land/x/hono/middleware.ts'

Usage

ts
const app = new Hono()

const token = 'honoiscool'

app.use('/api/*', bearerAuth({ token }))

app.get('/api/page', (c) => {
  return c.json({ message: 'You are authorized' })
})
const app = new Hono()

const token = 'honoiscool'

app.use('/api/*', bearerAuth({ token }))

app.get('/api/page', (c) => {
  return c.json({ message: 'You are authorized' })
})

To restrict to a specific route + method:

ts
const app = new Hono()

const token = 'honoiscool'

app.get('/api/page', (c) => {
  return c.json({ message: 'Read posts' })
})

app.post('/api/page', bearerAuth({ token }), (c) => {
  return c.json({ message: 'Created post!' }, 201)
})
const app = new Hono()

const token = 'honoiscool'

app.get('/api/page', (c) => {
  return c.json({ message: 'Read posts' })
})

app.post('/api/page', bearerAuth({ token }), (c) => {
  return c.json({ message: 'Created post!' }, 201)
})

Options

  • token: string - required
    • The string to validate the incoming bearer token against
  • realm: string
  • prefix: string
    • The prefix for the Authorization header value. Default is "Bearer"
  • hashFunction: Function
    • A function to handle hashing for safe comparison of authentication tokens

Released under the MIT License.