2014-01-13 20:00:21 +01:00
Authenticate socket.io incoming connections with JWTs. This is useful if you are build a single page application and you are not using cookies as explained in this blog post: [Cookies vs Tokens. Getting auth right with Angular.JS ](http://blog.auth0.com/2014/01/07/angularjs-authentication-with-cookies-vs-token/ ).
2012-09-05 20:14:36 +02:00
2013-11-15 15:16:16 +01:00
## Installation
2012-09-05 20:14:36 +02:00
```
2014-01-13 20:00:21 +01:00
npm install socketio-jwt
2012-09-05 20:14:36 +02:00
```
2013-11-15 15:16:16 +01:00
## Example usage
2012-09-05 20:14:36 +02:00
```javascript
2014-01-13 20:00:21 +01:00
var io = require("socket.io")(server);
var socketioJwt = require("socketio-jwt");
2012-09-05 20:14:36 +02:00
2013-11-15 15:16:16 +01:00
// set authorization for socket.io
2014-01-13 20:00:21 +01:00
io.set('authorization', socketioJwt.authorize({
secret: 'your secret or public key'
2013-11-20 05:18:44 +01:00
}));
2013-11-15 15:16:16 +01:00
```
2012-11-16 16:43:12 +01:00
2014-01-13 20:00:21 +01:00
For more validation options see [auth0/jsonwebtoken ](https://github.com/auth0/node-jsonwebtoken ).
2012-11-16 16:43:12 +01:00
2014-01-13 20:00:21 +01:00
__Client side__:
2013-11-15 15:16:16 +01:00
2014-01-13 20:00:21 +01:00
For now the only way to append the jwt token is using query string:
2013-11-19 10:52:36 +01:00
```javascript
2014-01-13 20:00:21 +01:00
var socket = io.connect('http://localhost:9000', {
'query': 'token=' + your_jwt
2013-11-19 10:52:36 +01:00
});
```
2014-01-13 20:00:21 +01:00
Take care as URLs has a lenght limitation on Internet Explorer. I opened a [issue in engine-io-client ](https://github.com/LearnBoost/engine.io-client/issues/228 ) to support headers.
2013-11-19 10:52:36 +01:00
2014-01-13 20:00:21 +01:00
## Contribute
2013-11-19 10:52:36 +01:00
2014-01-13 20:00:21 +01:00
You are always welcome to open an issue or provide a pull-request!
2013-11-15 15:16:16 +01:00
Also check out the unit tests:
```bash
npm test
```
2012-09-05 20:14:36 +02:00
2013-11-15 15:16:16 +01:00
## License
2014-01-13 20:00:21 +01:00
Licensed under the MIT-License.
2013 AUTH10 LLC.