socketio-jwt/README.md

<h1 align="center">Thream/socketio-jwt</h1>

<p align="center">
  <strong>Authenticate socket.io incoming connections with JWTs.</strong>
</p>

<p align="center">
  <strong>⚠️ This project is not maintained anymore, you can still use the code as you wish and fork it to maintain it yourself.</strong>
</p>

<p align="center">
  <a href="./CONTRIBUTING.md"><img src="https://img.shields.io/badge/PRs-welcome-brightgreen.svg?style=flat" /></a>
  <a href="./LICENSE"><img src="https://img.shields.io/badge/licence-MIT-blue.svg" alt="Licence MIT"/></a>
  <a href="./CODE_OF_CONDUCT.md"><img src="https://img.shields.io/badge/Contributor%20Covenant-v2.0%20adopted-ff69b4.svg" alt="Contributor Covenant" /></a>
  <br/>
  <a href="https://github.com/Thream/socketio-jwt/actions/workflows/build.yml"><img src="https://github.com/Thream/socketio-jwt/actions/workflows/build.yml/badge.svg?branch=develop" /></a>
  <a href="https://github.com/Thream/socketio-jwt/actions/workflows/lint.yml"><img src="https://github.com/Thream/socketio-jwt/actions/workflows/lint.yml/badge.svg?branch=develop" /></a>
  <a href="https://github.com/Thream/socketio-jwt/actions/workflows/test.yml"><img src="https://github.com/Thream/socketio-jwt/actions/workflows/test.yml/badge.svg?branch=develop" /></a>
  <br />
  <a href="https://conventionalcommits.org"><img src="https://img.shields.io/badge/Conventional%20Commits-1.0.0-yellow.svg" alt="Conventional Commits" /></a>
  <a href="https://github.com/semantic-release/semantic-release"><img src="https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg" alt="semantic-release" /></a>
  <a href="https://www.npmjs.com/package/@thream/socketio-jwt"><img src="https://img.shields.io/npm/v/@thream/socketio-jwt.svg" alt="npm version"></a>
</p>

## 📜 About

Authenticate socket.io incoming connections with JWTs.

This repository was originally forked from [auth0-socketio-jwt](https://github.com/auth0-community/auth0-socketio-jwt) and it is not intended to take any credit but to improve the code from now on.

## Prerequisites

- [Node.js](https://nodejs.org/) >= 16.0.0
- [Socket.IO](https://socket.io/) >= 3.0.0

## 💾 Install

**Note:** It is a package that is recommended to use/install on both the client and server sides.

```sh
npm install --save @thream/socketio-jwt
```

## ⚙️ Usage

### Server side

```ts
import { Server } from "socket.io"
import { authorize } from "@thream/socketio-jwt"

const io = new Server(9000)
io.use(
  authorize({
    secret: "your secret or public key",
  }),
)

io.on("connection", async (socket) => {
  // jwt payload of the connected client
  console.log(socket.decodedToken)
  const clients = await io.sockets.allSockets()
  if (clients != null) {
    for (const clientId of clients) {
      const client = io.sockets.sockets.get(clientId)
      client?.emit("messages", { message: "Success!" })
      // we can access the jwt payload of each connected client
      console.log(client?.decodedToken)
    }
  }
})
```

### Server side with `jwks-rsa` (example)

```ts
import jwksClient from "jwks-rsa"
import { Server } from "socket.io"
import { authorize } from "@thream/socketio-jwt"

const client = jwksClient({
  jwksUri: "https://sandrino.auth0.com/.well-known/jwks.json",
})

const io = new Server(9000)
io.use(
  authorize({
    secret: async (decodedToken) => {
      const key = await client.getSigningKeyAsync(decodedToken.header.kid)
      return key.getPublicKey()
    },
  }),
)

io.on("connection", async (socket) => {
  // jwt payload of the connected client
  console.log(socket.decodedToken)
  // You can do the same things of the previous example there...
})
```

### Server side with `onAuthentication` (example)

```ts
import { Server } from "socket.io"
import { authorize } from "@thream/socketio-jwt"

const io = new Server(9000)
io.use(
  authorize({
    secret: "your secret or public key",
    onAuthentication: async (decodedToken) => {
      // return the object that you want to add to the user property
      // or throw an error if the token is unauthorized
    },
  }),
)

io.on("connection", async (socket) => {
  // jwt payload of the connected client
  console.log(socket.decodedToken)
  // You can do the same things of the previous example there...
  // user object returned in onAuthentication
  console.log(socket.user)
})
```

### `authorize` options

- `secret` is a string containing the secret for HMAC algorithms, or a function that should fetch the secret or public key as shown in the example with `jwks-rsa`.
- `algorithms` (default: `HS256`)
- `onAuthentication` is a function that will be called with the `decodedToken` as a parameter after the token is authenticated. Return a value to add to the `user` property in the socket object.

### Client side

```ts
import { io } from "socket.io-client"
import { isUnauthorizedError } from "@thream/socketio-jwt/build/UnauthorizedError.js"

// Require Bearer Token
const socket = io("http://localhost:9000", {
  auth: { token: `Bearer ${yourJWT}` },
})

// Handling token expiration
socket.on("connect_error", (error) => {
  if (isUnauthorizedError(error)) {
    console.log("User token has expired")
  }
})

// Listening to events
socket.on("messages", (data) => {
  console.log(data)
})
```

## 💡 Contributing

Anyone can help to improve the project, submit a Feature Request, a bug report or even correct a simple spelling mistake.

The steps to contribute can be found in the [CONTRIBUTING.md](./CONTRIBUTING.md) file.

## 📄 License

[MIT](./LICENSE)
chore: fix package.json syntax error 2021-01-07 05:45:46 +01:00			`<h1 align="center">Thream/socketio-jwt</h1>`
Update README.md 2019-07-23 15:22:23 +02:00
docs(readme): update badges & transition to Thream 2020-12-27 17:50:47 +01:00			`<p align="center">`
			`<strong>Authenticate socket.io incoming connections with JWTs.</strong>`
			`</p>`
add travis config 2015-05-29 14:42:14 +02:00
fix: archive repository This project is not anymore maintained. 2024-11-11 14:55:04 +01:00			`<p align="center">`
			`<strong>⚠️ This project is not maintained anymore, you can still use the code as you wish and fork it to maintain it yourself.</strong>`
			`</p>`

docs(readme): update badges & transition to Thream 2020-12-27 17:50:47 +01:00			`<p align="center">`
chore: add semantic-release close #153 2021-07-23 23:15:52 +02:00			`<a href="./CONTRIBUTING.md"><img src="https://img.shields.io/badge/PRs-welcome-brightgreen.svg?style=flat" /></a>`
docs(readme): update badges & transition to Thream 2020-12-27 17:50:47 +01:00			`<a href="./LICENSE"><img src="https://img.shields.io/badge/licence-MIT-blue.svg" alt="Licence MIT"/></a>`
chore: add semantic-release close #153 2021-07-23 23:15:52 +02:00			`<a href="./CODE_OF_CONDUCT.md"><img src="https://img.shields.io/badge/Contributor%20Covenant-v2.0%20adopted-ff69b4.svg" alt="Contributor Covenant" /></a>`
			`<br/>`
			`<a href="https://github.com/Thream/socketio-jwt/actions/workflows/build.yml"><img src="https://github.com/Thream/socketio-jwt/actions/workflows/build.yml/badge.svg?branch=develop" /></a>`
			`<a href="https://github.com/Thream/socketio-jwt/actions/workflows/lint.yml"><img src="https://github.com/Thream/socketio-jwt/actions/workflows/lint.yml/badge.svg?branch=develop" /></a>`
			`<a href="https://github.com/Thream/socketio-jwt/actions/workflows/test.yml"><img src="https://github.com/Thream/socketio-jwt/actions/workflows/test.yml/badge.svg?branch=develop" /></a>`
			`<br />`
docs(readme): update badges & transition to Thream 2020-12-27 17:50:47 +01:00			`<a href="https://conventionalcommits.org"><img src="https://img.shields.io/badge/Conventional%20Commits-1.0.0-yellow.svg" alt="Conventional Commits" /></a>`
chore: add semantic-release close #153 2021-07-23 23:15:52 +02:00			`<a href="https://github.com/semantic-release/semantic-release"><img src="https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg" alt="semantic-release" /></a>`
			`<a href="https://www.npmjs.com/package/@thream/socketio-jwt"><img src="https://img.shields.io/npm/v/@thream/socketio-jwt.svg" alt="npm version"></a>`
docs(readme): update badges & transition to Thream 2020-12-27 17:50:47 +01:00			`</p>`
Update README.md 2019-07-16 11:33:44 +02:00
docs(readme): update badges & transition to Thream 2020-12-27 17:50:47 +01:00			`## 📜 About`
Update README.md 2019-07-16 11:33:44 +02:00
docs: delete changelog and blog post in readme 2020-12-27 18:08:49 +01:00			`Authenticate socket.io incoming connections with JWTs.`
initial 2012-09-05 20:14:36 +02:00
docs: improve Prerequisites section 2023-08-06 11:45:16 +02:00			`This repository was originally forked from [auth0-socketio-jwt](https://github.com/auth0-community/auth0-socketio-jwt) and it is not intended to take any credit but to improve the code from now on.`
Unified README structure. 2019-01-15 17:43:44 +01:00
feat: usage of ESM modules imports (instead of CommonJS) BREAKING CHANGE: This package is now pure ESM BREAKING CHANGE: minimum supported Node.js >= 16.0.0 2022-04-07 10:11:48 +02:00			`## Prerequisites`

			`- [Node.js](https://nodejs.org/) >= 16.0.0`
docs: improve Prerequisites section 2023-08-06 11:45:16 +02:00			`- [Socket.IO](https://socket.io/) >= 3.0.0`
feat: usage of ESM modules imports (instead of CommonJS) BREAKING CHANGE: This package is now pure ESM BREAKING CHANGE: minimum supported Node.js >= 16.0.0 2022-04-07 10:11:48 +02:00
docs(readme): update usage 2020-12-29 04:30:34 +01:00			`## 💾 Install`
Unified README structure. 2019-01-15 17:43:44 +01:00
feat: add `isUnauthorizedError` type guard fixes #328 2022-02-18 17:20:59 +01:00			`Note: It is a package that is recommended to use/install on both the client and server sides.`

docs(readme): update badges & transition to Thream 2020-12-27 17:50:47 +01:00			```sh
docs(readme): update usage 2020-12-29 04:30:34 +01:00			`npm install --save @thream/socketio-jwt`
initial 2012-09-05 20:14:36 +02:00			```

docs(readme): update badges & transition to Thream 2020-12-27 17:50:47 +01:00			`## ⚙️ Usage`
initial 2012-09-05 20:14:36 +02:00
docs(readme): update usage 2020-12-29 04:30:34 +01:00			`### Server side`
updated README to include information about Auth Header Requirement - DK/MW 2016-10-20 18:18:40 +02:00
docs(readme): update usage 2020-12-29 04:30:34 +01:00			```ts
chore: better Prettier config for easier reviews 2023-10-23 23:44:50 +02:00			`import { Server } from "socket.io"`
			`import { authorize } from "@thream/socketio-jwt"`
updated README to include information about Auth Header Requirement - DK/MW 2016-10-20 18:18:40 +02:00
docs(readme): update usage 2020-12-29 04:30:34 +01:00			`const io = new Server(9000)`
chore: initial commit 2020-12-27 17:25:44 +01:00			`io.use(`
docs(readme): update usage 2020-12-29 04:30:34 +01:00			`authorize({`
chore: better Prettier config for easier reviews 2023-10-23 23:44:50 +02:00			`secret: "your secret or public key",`
			`}),`
chore: initial commit 2020-12-27 17:25:44 +01:00			`)`
Added example of handling token expiration 2014-09-04 07:47:17 +02:00
chore: better Prettier config for easier reviews 2023-10-23 23:44:50 +02:00			`io.on("connection", async (socket) => {`
feat: improve types by extending socket.io module (#6) 2021-01-04 14:35:59 +01:00			`// jwt payload of the connected client`
			`console.log(socket.decodedToken)`
docs(readme): update usage 2020-12-29 04:30:34 +01:00			`const clients = await io.sockets.allSockets()`
feat: improve types by extending socket.io module (#6) 2021-01-04 14:35:59 +01:00			`if (clients != null) {`
			`for (const clientId of clients) {`
			`const client = io.sockets.sockets.get(clientId)`
chore: better Prettier config for easier reviews 2023-10-23 23:44:50 +02:00			`client?.emit("messages", { message: "Success!" })`
feat: improve types by extending socket.io module (#6) 2021-01-04 14:35:59 +01:00			`// we can access the jwt payload of each connected client`
			`console.log(client?.decodedToken)`
			`}`
Added example of handling token expiration 2014-09-04 07:47:17 +02:00			`}`
chore: initial commit 2020-12-27 17:25:44 +01:00			`})`
Add ability to generate secret dynamically This allow you to pass a function instead of an string in order to generate secret based on the new connection features. 2015-11-18 21:36:24 +01:00			```
doc changes to allow optional async disconnect 2015-12-26 05:17:01 +01:00
feat: add support for jwks-rsa (#1) 2021-01-07 14:30:37 +01:00			### Server side with `jwks-rsa` (example)

			```ts
chore: better Prettier config for easier reviews 2023-10-23 23:44:50 +02:00			`import jwksClient from "jwks-rsa"`
			`import { Server } from "socket.io"`
			`import { authorize } from "@thream/socketio-jwt"`
feat: add support for jwks-rsa (#1) 2021-01-07 14:30:37 +01:00
			`const client = jwksClient({`
chore: better Prettier config for easier reviews 2023-10-23 23:44:50 +02:00			`jwksUri: "https://sandrino.auth0.com/.well-known/jwks.json",`
feat: add support for jwks-rsa (#1) 2021-01-07 14:30:37 +01:00			`})`

			`const io = new Server(9000)`
			`io.use(`
			`authorize({`
			`secret: async (decodedToken) => {`
			`const key = await client.getSigningKeyAsync(decodedToken.header.kid)`
docs(readme): key.getPublicKey() with jwks-rsa 2021-01-28 18:53:56 +01:00			`return key.getPublicKey()`
chore: better Prettier config for easier reviews 2023-10-23 23:44:50 +02:00			`},`
			`}),`
feat: add support for jwks-rsa (#1) 2021-01-07 14:30:37 +01:00			`)`

chore: better Prettier config for easier reviews 2023-10-23 23:44:50 +02:00			`io.on("connection", async (socket) => {`
feat: add support for jwks-rsa (#1) 2021-01-07 14:30:37 +01:00			`// jwt payload of the connected client`
			`console.log(socket.decodedToken)`
			`// You can do the same things of the previous example there...`
			`})`
			```

feat: add optional onAuthentication option to add user property in socket object (#62) 2021-03-08 13:45:39 +01:00			### Server side with `onAuthentication` (example)

			```ts
chore: better Prettier config for easier reviews 2023-10-23 23:44:50 +02:00			`import { Server } from "socket.io"`
			`import { authorize } from "@thream/socketio-jwt"`
feat: add optional onAuthentication option to add user property in socket object (#62) 2021-03-08 13:45:39 +01:00
			`const io = new Server(9000)`
			`io.use(`
			`authorize({`
chore: better Prettier config for easier reviews 2023-10-23 23:44:50 +02:00			`secret: "your secret or public key",`
feat: add `isUnauthorizedError` type guard fixes #328 2022-02-18 17:20:59 +01:00			`onAuthentication: async (decodedToken) => {`
chore: improve config files 2021-03-08 14:33:53 +01:00			`// return the object that you want to add to the user property`
			`// or throw an error if the token is unauthorized`
chore: better Prettier config for easier reviews 2023-10-23 23:44:50 +02:00			`},`
			`}),`
feat: add optional onAuthentication option to add user property in socket object (#62) 2021-03-08 13:45:39 +01:00			`)`

chore: better Prettier config for easier reviews 2023-10-23 23:44:50 +02:00			`io.on("connection", async (socket) => {`
feat: add optional onAuthentication option to add user property in socket object (#62) 2021-03-08 13:45:39 +01:00			`// jwt payload of the connected client`
			`console.log(socket.decodedToken)`
			`// You can do the same things of the previous example there...`
			`// user object returned in onAuthentication`
			`console.log(socket.user)`
			`})`
			```

docs: add authorize options 2021-02-18 20:14:56 +01:00			### `authorize` options

			- `secret` is a string containing the secret for HMAC algorithms, or a function that should fetch the secret or public key as shown in the example with `jwks-rsa`.
			- `algorithms` (default: `HS256`)
chore: improve config files 2021-03-08 14:33:53 +01:00			- `onAuthentication` is a function that will be called with the `decodedToken` as a parameter after the token is authenticated. Return a value to add to the `user` property in the socket object.
docs: add authorize options 2021-02-18 20:14:56 +01:00
docs(readme): update usage 2020-12-29 04:30:34 +01:00			`### Client side`
doc changes to allow optional async disconnect 2015-12-26 05:17:01 +01:00
docs(readme): update usage 2020-12-29 04:30:34 +01:00			```ts
chore: better Prettier config for easier reviews 2023-10-23 23:44:50 +02:00			`import { io } from "socket.io-client"`
			`import { isUnauthorizedError } from "@thream/socketio-jwt/build/UnauthorizedError.js"`
doc changes to allow optional async disconnect 2015-12-26 05:17:01 +01:00
feat: usage of auth option to send credentials BREAKING CHANGE: extraHeaders with Authorization doesn't work anymore See: https://socket.io/docs/v3/middlewares/#Sending-credentials 2021-02-22 13:00:53 +01:00			`// Require Bearer Token`
chore: better Prettier config for easier reviews 2023-10-23 23:44:50 +02:00			`const socket = io("http://localhost:9000", {`
			auth: { token: `Bearer ${yourJWT}` },
chore: initial commit 2020-12-27 17:25:44 +01:00			`})`
doc changes to allow optional async disconnect 2015-12-26 05:17:01 +01:00
docs(readme): update usage 2020-12-29 04:30:34 +01:00			`// Handling token expiration`
chore: better Prettier config for easier reviews 2023-10-23 23:44:50 +02:00			`socket.on("connect_error", (error) => {`
feat: add `isUnauthorizedError` type guard fixes #328 2022-02-18 17:20:59 +01:00			`if (isUnauthorizedError(error)) {`
chore: better Prettier config for easier reviews 2023-10-23 23:44:50 +02:00			`console.log("User token has expired")`
doc changes to allow optional async disconnect 2015-12-26 05:17:01 +01:00			`}`
chore: initial commit 2020-12-27 17:25:44 +01:00			`})`
add example for using customDecoded function 2019-10-29 11:39:38 +01:00
docs(readme): update usage 2020-12-29 04:30:34 +01:00			`// Listening to events`
chore: better Prettier config for easier reviews 2023-10-23 23:44:50 +02:00			`socket.on("messages", (data) => {`
docs(readme): update usage 2020-12-29 04:30:34 +01:00			`console.log(data)`
chore: initial commit 2020-12-27 17:25:44 +01:00			`})`
add example for using customDecoded function 2019-10-29 11:39:38 +01:00			```

docs(readme): update badges & transition to Thream 2020-12-27 17:50:47 +01:00			`## 💡 Contributing`
chore: initial commit 2020-12-27 17:25:44 +01:00
docs(readme): update badges & transition to Thream 2020-12-27 17:50:47 +01:00			`Anyone can help to improve the project, submit a Feature Request, a bug report or even correct a simple spelling mistake.`
chore: initial commit 2020-12-27 17:25:44 +01:00
chore: improve config files 2021-03-08 14:33:53 +01:00			`The steps to contribute can be found in the [CONTRIBUTING.md](./CONTRIBUTING.md) file.`
Unified README structure. 2019-01-15 17:43:44 +01:00
docs(readme): update badges & transition to Thream 2020-12-27 17:50:47 +01:00			`## 📄 License`
Unified README structure. 2019-01-15 17:43:44 +01:00
docs(readme): update badges & transition to Thream 2020-12-27 17:50:47 +01:00			`[MIT](./LICENSE)`