Is it possible to inject custom meta information on authentication?

#1

In the onchallenge method, it’s possible to customise the authid and the role (cf https://github.com/crossbario/crossbarexamples/blob/master/authenticate/wampcradynamic/python/authenticator.py#L45).

Is it possible to inject more information in the session that the client could have access to, for example, a temporary access token and/or refresh token?

What we are trying to do is allow a web app to keep a user logged in after a hard refresh of the page. Currently the solution seems to be to hit something like a “handshake” end-point as soon as the connection is opened that could return a bearer token (and maybe other “restore my state” information), store that in local storage and use that to reestablish the connection.

Any thoughts on how to solve that kind of problem in an elegant way would be appreciated.

Thanks in advance.

Regards,

Andrew Eddie


#2

Andrew,

> In the `onchallenge` method, it's possible to customise the `authid` and
> the `role`
> (cf https://github.com/crossbario/crossbarexamples/blob/master/authenticate/wampcradynamic/python/authenticator.py#L45).
>
> Is it possible to inject more information in the session that the client
> could have access to, for example, a temporary access token and/or
> refresh token?

The WAMP-CRA spec allows this, but it's not currently exposed in dynamic authenticators in Crossbar.io.

> What we are trying to do is allow a web app to keep a user logged in
> after a hard refresh of the page. Currently the solution seems to be to
> hit something like a "handshake" end-point as soon as the connection is
> opened that could return a bearer token (and maybe other "restore my
> state" information), store that in local storage and use that to
> reestablish the connection.
>
> Any thoughts on how to solve that kind of problem in an elegant way
> would be appreciated.

Our usual approach is to combine WAMP-CRA with WAMP-Cookie. When the user has authenticated initially and successfully via WAMP-CRA, Crossbar.io sets an auth cookie. Later, when the user comes back, the auth cookie is checked and the user is directly authenticated. This works on WAMP-over-WebSocket transports only (e.g. not RawSocket transports).

Cheers,
/Tobias

···

On 18.08.2015 at 07:33, Andrew Eddie wrote:


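The client side of the WAMP-CRA plus WAMP-Cookie combination described in the reply above, as an added example that is not part of the original thread or of the Crossbar.io examples. It assumes autobahn-js in the browser and a router WebSocket transport configured to accept both methods; the URL, realm, `makeConnectionOptions` and `promptForSecret` are hypothetical names.

```javascript
// Added example (not from the thread): connection options for autobahn-js
// when the router offers both "cookie" and "wampcra" on a WebSocket transport.
// authCra is autobahn.auth_cra in the page; it is passed in so the function
// can be exercised without a router. promptForSecret is a hypothetical
// callback that asks the user for the password when a challenge arrives.
function makeConnectionOptions(authCra, authid, promptForSecret) {
  return {
    url: "wss://router.example.invalid/ws", // placeholder router URL
    realm: "realm1",                         // placeholder realm
    // Announce both methods. A returning browser sends the router-set auth
    // cookie with the WebSocket handshake, so no challenge is issued; on a
    // first visit the router falls back to a WAMP-CRA challenge.
    authmethods: ["cookie", "wampcra"],
    authid: authid,
    onchallenge: function (session, method, extra) {
      // Only WAMP-CRA involves a client-side computation here.
      if (method !== "wampcra") {
        throw new Error("unexpected authentication method: " + method);
      }
      var secret = promptForSecret();
      var key = secret;
      // Salted secrets: derive the signing key with the parameters the
      // router sent in the challenge before signing.
      if (extra.salt !== undefined) {
        key = authCra.derive_key(secret, extra.salt,
                                 extra.iterations, extra.keylen);
      }
      return authCra.sign(key, extra.challenge);
    }
  };
}

// In the page (requires the autobahn library and a reachable router):
//   var connection = new autobahn.Connection(
//     makeConnectionOptions(autobahn.auth_cra, "alice", askUserForPassword));
//   connection.open();
```

Because the router sets and checks the cookie, the page script does not need to keep a bearer token in local storage to survive a hard refresh.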

#3

Thanks Tobias.

Regards,
Andrew Eddie

···

On 18 August 2015 at 17:58, Tobias Oberstein <tobias.o...@gmail.com> wrote:

