onchallenge method, it’s possible to customise the
authid and the
role (cf https://github.com/crossbario/crossbarexamples/blob/master/authenticate/wampcradynamic/python/authenticator.py#L45).
Is it possible to inject more information in the session that the client could have access to, for example, a temporary access token and/or refresh token?
What we are trying to do is allowing a web app to keep a user logged in after a hard refresh of the page. Currently the solution seems to be to hit something like a “handshake” end-point as soon as the connection is opened that could return a bearer token (and maybe other “restore my state” information), store that in local storage and use that to reestablish the connection.
Any thoughts on how to solve that kind of problem in an elegant way would be appreciated.
Thanks in advance.