JSON Web Tokens (JWTs) and Crossbar

#1

I’m building an API that will use JSON Web Tokens (JWTs), and I’m wondering about how that will fit in with Crossbar.
Usually a client will authenticate with the authentication server and receive a refresh and access token. The client will then use the
access token (which has a short expiration time) to access protected resources. Once the access token has expired, the client
will use the refresh token (long expiration time) to get a new access token.

My question is how or if this would work with Crossbar? My understanding is that if a client were to authenticate to Crossbar
with an access token, once the authentication happens once, the client could stay authenticated for the duration of the
websocket (ignoring the access token expiration).

Is there a way in which this design would work, or should I not even be trying to use JWTs with Crossbar?
If JWTs would be an acceptable way to authenticate/authorize to Crossbar, could this be supported in the future?

0 Likes

#2

Based on what you’ve written it doesn’t really sound like JWT is a good fit for Crossbar.

JWT is aimed at the traditional request-response based communication style where the same connection is not necessarily shared between request-response cycles.

With WebSockets the connection between the client and the server is persistent and hence once the initial authentication has been performed it will not happen again unless the connection is disrupted for some reason (e.g. page reload in browser, restart of Crossbar server, internet connectivity failure, etc.).


On Saturday, 25 June 2016 13:18:00 UTC+2, Caleb Pineur wrote:

I’m building an API that will use JSON Web Tokens (JWTs), and I’m wondering about how that will fit in with Crossbar.
Usually a client will authenticate with the authentication server and receive a refresh and access token. The client will then use the
access token (which has a short expiration time) to access protected resources. Once the access token has expired, the client
will use the refresh token (long expiration time) to get a new access token.

My question is how or if this would work with Crossbar? My understanding is that if a client were to authenticate to Crossbar
with an access token, once the authentication happens once, the client could stay authenticated for the duration of the
websocket (ignoring the access token expiration).

Is there a way in which this design would work, or should I not even be trying to use JWTs with Crossbar?
If JWTs would be an acceptable way to authenticate/authorize to Crossbar, could this be supported in the future?

0 Likes
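
The gap discussed in this thread, a WebSocket session outliving the access token that opened it, can be closed by binding the session to the token's `exp` and dropping it unless a fresh token arrives over the same connection. This is an added sketch, not part of the original posts and not Crossbar's API: `SessionDeadlines`, `sign_hs256` and `verify_hs256` are hypothetical names, tokens are assumed to be HS256 with a shared key, and the caller is assumed to close whatever sessions `expired()` returns.

```python
import base64, hashlib, hmac, json

def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign_hs256(claims, key):
    """Build a constructed HS256 token; stands in for the authentication server."""
    head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    mac = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url_encode(mac)}"

def verify_hs256(token, key, now):
    """Return the claims of a correctly signed, unexpired token, else raise ValueError."""
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(b64url_decode(head)), json.loads(b64url_decode(body))
        given, alg, exp = b64url_decode(sig), header["alg"], claims["exp"]
    except Exception as exc:
        raise ValueError("malformed token") from exc
    if alg != "HS256":  # pin the algorithm; never let the header choose it
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, given):
        raise ValueError("bad signature")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise ValueError("token expired")
    return claims

class SessionDeadlines:
    """Binds each long-lived session to the exp of the token that authenticated it."""
    def __init__(self, key):
        self.key, self.bound = key, {}  # session id -> (sub, exp)

    def authenticate(self, session_id, token, now):
        """Initial login, or a fresh access token sent over the already open connection."""
        claims = verify_hs256(token, self.key, now)
        old = self.bound.get(session_id)
        if old and old[0] != claims.get("sub"):
            raise ValueError("token subject does not match the session")
        self.bound[session_id] = (claims.get("sub"), claims["exp"])

    def expired(self, now):
        """Pop and return the session ids whose token has lapsed; the caller closes them."""
        gone = sorted(s for s, (_, exp) in self.bound.items() if exp <= now)
        self.bound = {s: v for s, v in self.bound.items() if s not in gone}
        return gone
```

Run `expired()` from a periodic timer on the server side, so a client that never presents a new access token is disconnected at the moment its last one lapses.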