Yewgen_Dom

Reputation: 100

How does auth work with SocketIO?

I'm new to web sockets (specifically to socketIO interfaces, both client and server), and I wonder how basic JWT auth is usually implemented. How are the headers passed through? Should I add them to every socket listener or emit event, or just once during the connection? Maybe the connection is already considered private because of the connection id?

I am using Socket.io-client v.4 and flask-socketio. I am interested in general practices and would be grateful for any information or your own experience.

Upvotes: 2

Views: 4548

Answers (1)

Miguel Grinberg

Reputation: 67479

There are many ways to pass authentication when you connect:

  • HTTP header
  • Cookie
  • query string
  • auth option

To pass a token in a header (not valid when connecting directly via WebSocket):

const socket = io({
  extraHeaders: {
    "Header-Name": "abcd"
  }
});

Same-site cookies are always passed to the server. To pass cookies cross-site:

const socket = io("https://my-backend.com", {
  withCredentials: true
});

To pass it in the query string:

const socket = io({
  query: {
    token: 'abcd'
  }
});

To pass it with the auth option (Socket.IO v3 and up only):

const socket = io({
  auth: {
    token: "abcd"
  }
});

Upvotes: 6
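
The answer above covers how the client sends a token; as an added example (not part of the original answer or of Flask-SocketIO), here is one way a server could check a token received through the auth option once, at connect time. It is stdlib-only Python: the secret, the helper names and the `sub`/`exp` claim layout are assumptions, and in Flask-SocketIO the check would be called from the `connect` handler, which receives the `auth` payload and refuses the connection by returning `False`.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-secret"  # assumption: HS256 key, loaded from config in practice

def _b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _sign(signing_input, key):
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def make_token(claims, key=SECRET, alg="HS256"):
    """Build a constructed token so the example runs offline."""
    head = _b64e(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64e(_sign(head + '.' + body, key))}"

def verify_token(token, key=SECRET, now=None):
    """Return the claims of a valid, unexpired HS256 token, else None."""
    try:
        head, body, sig = token.split(".")
        if json.loads(_b64d(head)).get("alg") != "HS256":
            return None  # pin the algorithm instead of trusting the header
        if not hmac.compare_digest(_sign(head + "." + body, key), _b64d(sig)):
            return None  # constant-time signature comparison
        claims = json.loads(_b64d(body))
        if claims["exp"] <= (time.time() if now is None else now):
            return None
        return claims
    except (AttributeError, KeyError, TypeError, ValueError):
        return None  # malformed, missing or non-string token

def authenticate_connection(auth):
    """Map the connect-time `auth` payload to a user id, or None to refuse."""
    token = auth.get("token") if isinstance(auth, dict) else None
    claims = verify_token(token)
    return claims.get("sub") if claims else None
```

A token checked only at connect time can expire while the socket stays open, so long-lived connections may need a re-check or a forced disconnect when `exp` passes.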
