Support websocket authentication

#1

Hi,
I am trying to support websocket authentication using JWT tokens. I was thinking along these lines (https://auth0.com/blog/auth-with-socket-io/). This is how the flow would look:

  1. Client makes a REST call to /login with Basic Auth credentials.

  2. Server returns a signed JWT.

  3. Client initiates a websocket connection and passes the token in the URL in WebSocketClientFactory.

  4. Websocket server will get the onConnect callback, which has the Twisted request object, which in turn contains the URL. It extracts the token from that and validates it.

My question is: how can I expire this websocket connection? After the first onConnect call, the server will only be getting the onMessage callback, which only has the payload (not the request object).

Please let me know if the autobahn library already has support for extracting this token during the websocket message exchange as well.

Thanks in advance

Amit

0 Likes
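The flow from post #1, sketched with the Python standard library only as an added example (not code from this thread or from Autobahn): it validates the token taken from the handshake URL and returns how many seconds remain until `exp`, which is the value a server needs to schedule the close. The secret, the HS256 signing, the `token` query parameter name and all function names are assumptions made for the illustration.

```python
import base64, hashlib, hmac, json, time
from urllib.parse import parse_qs, urlsplit

SECRET = b"constructed-demo-secret"  # constructed value; HS256 is assumed

def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(head, body):
    return hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()

def issue_token(sub, ttl, now=None):
    """Step 2: the signed JWT that /login would hand back."""
    now = int(time.time() if now is None else now)
    head = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps({"sub": sub, "exp": now + ttl}).encode())
    return f"{head}.{body}.{b64e(sign(head, body))}"

def verify_token(token, now):
    """Return the claims, or raise ValueError on any defect."""
    try:
        head, body, sig = token.split(".")
        alg, claims, given = json.loads(b64d(head))["alg"], json.loads(b64d(body)), b64d(sig)
        exp = claims["exp"]
    except Exception:
        raise ValueError("malformed token") from None
    if alg != "HS256":  # pin the algorithm instead of trusting the header
        raise ValueError("unexpected alg")
    if not hmac.compare_digest(sign(head, body), given):
        raise ValueError("bad signature")
    if isinstance(exp, bool) or not isinstance(exp, (int, float)) or exp <= now:
        raise ValueError("expired or invalid exp")
    return claims

def authorize_connect(url, now=None):
    """Step 4: validate ?token=... from the handshake URL.
    Returns (claims, seconds_left). A server would keep both on the
    per-connection protocol object in onConnect and schedule a close
    after seconds_left, so onMessage never needs the request object."""
    now = time.time() if now is None else now
    tokens = parse_qs(urlsplit(url).query).get("token", [])
    if len(tokens) != 1:
        raise ValueError("expected exactly one token parameter")
    claims = verify_token(tokens[0], now)
    return claims, claims["exp"] - now
```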

#2

Hi Amit.

Why don’t you/can’t you authenticate against the WAMP server with a username and password?

Regards,

Andrew Eddie

0 Likes