In this chapter, we've looked at some basic methods of securing an application with hapi using multiple workflows in an easy-to-manage manner, without interfering with our internal application logic.

We looked first at authentication with hapi, and how it employs the concepts of schemes and strategies to simplify our authentication workflows. We looked at the basic authentication scheme, mainly to demonstrate how authentication would be configured in hapi. We then looked at the more commonly employed cookie authentication scheme, and how it can be used to implement a session for our web applications.

Finally, for authentication, we looked at using third-party services as authentication sources, and combining them with session authentication to maintain state between requests.

Following authentication, we explored hapi's support for authorization, and using scopes to implement simple route-level permissions for our apps.

Hopefully, this chapter has given you a good overview of different methods of securing your hapi application in a sane and structured manner.

In the next chapter, we will look at simplifying validation of both routes and internal logic into reusable models that we can use throughout our applications using the model validation library joi.