Custom authentication? #339

Open
Gerben321 opened this issue Oct 18, 2018 · 3 comments
Gerben321 commented Oct 18, 2018

I'm using this Bundle as backend on Symfony, and extracted the frontend for my Cordova app. Connecting and subscribing and all the rest works great!

However, since external apps are connecting to the server I want to authenticate connections. The app I've made logs in via our API, which returns a token that we use in the Header Bearer Authorization. Each API call that's made uses this token to verify a legit connection.

I hoped to use this token (since it's the same device) for setting up a WebSocket connection. But all I can find is for user authentication, but I don't think that's what I need, or at least not with the examples.

Can I use the current header I now send to set up a connection? Basically I receive this token while setting up a connection, and then the server should accept or drop the connection. Is this possible? I assume you don't need this for every call, right? Since it's a socket that's open when authentication is done.

edit: Found a way to close the connection of a user with the onConnect listener. It's not ideal and too late, but it's better than nothing. The biggest problem is the client-side now I think. How do I add headers or anything else that I can verify?

Gerben321 (Author) commented

Anyone?

Gerben321 (Author) commented

Hello?!

Xcreen commented Jan 15, 2019

AutobahnJS doesn't support HTTP headers atm.
But you could set the token as a cookie or as a query param in the WebSocket URL and then verify against it.

Probably the best way is to send the token in the payload on every WebSocket request and verify against it. Since the token can become invalid and the WebSocket connection is kept open, only checking at connection start is not enough.

If anyone has a better way, please share your knowledge :)
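
The per-message check suggested in the comment above, as an added example (not code from the bundle, from AutobahnJS, or from anyone in this thread). It is written in JavaScript to match the client side; the same logic would be ported to the server-side handler. Assumptions: the API token is an HMAC-signed `claims.signature` string with an `exp` claim, and the names `issueToken`, `verifyToken`, `wrapPayload`, `handleMessage` and the secret are hypothetical.

```javascript
const { createHmac, timingSafeEqual } = require('node:crypto');

// Constructed demo key. Assumption: the API signs its tokens with a server-side secret.
const SECRET = 'constructed-demo-secret';

// Hypothetical token format: base64url(JSON claims) + "." + base64url(HMAC-SHA256).
function issueToken(sub, expEpochSec) {
  const body = Buffer.from(JSON.stringify({ sub, exp: expEpochSec })).toString('base64url');
  const sig = createHmac('sha256', SECRET).update(body).digest('base64url');
  return `${body}.${sig}`;
}

// Returns the claims if the signature is valid and the token has not expired, else null.
function verifyToken(token, nowSec) {
  if (typeof token !== 'string') return null;
  const parts = token.split('.');
  if (parts.length !== 2) return null;
  const [body, sig] = parts;
  const expected = createHmac('sha256', SECRET).update(body).digest();
  const given = Buffer.from(sig, 'base64url');
  // Length check first: timingSafeEqual throws on buffers of different length.
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  let claims;
  try {
    claims = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
  } catch {
    return null;
  }
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) return null;
  return claims;
}

// Client side: every publish/RPC payload carries the token next to the data.
function wrapPayload(token, data) {
  return { token, data };
}

// Server side: runs on every incoming message, not only when the socket opens,
// so a token that expires mid-session stops being accepted.
function handleMessage(msg, nowSec) {
  const claims = verifyToken(msg && msg.token, nowSec);
  if (!claims) return { ok: false, action: 'close' };
  return { ok: true, user: claims.sub, data: msg.data };
}
```

Compared with the query-param option, carrying the token in the payload keeps it out of the WebSocket URL, which proxies and web servers commonly write to access logs.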
