2
1
mirror of https://github.com/Thream/socketio-jwt.git synced 2024-11-09 22:20:08 +01:00
socketio-jwt/README.md

82 lines
2.2 KiB
Markdown
Raw Normal View History

Authenticate socket.io incoming connections with JWTs. This is useful if you are build a single page application and you are not using cookies as explained in this blog post: [Cookies vs Tokens. Getting auth right with Angular.JS](http://blog.auth0.com/2014/01/07/angularjs-authentication-with-cookies-vs-token/).
2012-09-05 20:14:36 +02:00
2013-11-15 15:16:16 +01:00
## Installation
2012-09-05 20:14:36 +02:00
```
npm install socketio-jwt
2012-09-05 20:14:36 +02:00
```
2013-11-15 15:16:16 +01:00
## Example usage
2012-09-05 20:14:36 +02:00
2014-01-14 12:30:39 +01:00
```javascript
// set authorization for socket.io
io.sockets
.on('connection', socketioJwt.authorize({
secret: 'your secret or public key',
timeout: 15000 // 15 seconds to send the authentication message
2014-03-25 13:11:39 +01:00
})).on('authenticated', function(socket) {
2014-01-14 12:30:39 +01:00
//this socket is authenticated, we are good to handle more events from it.
console.log('hello! ' + socket.decoded_token.name);
}));
```
**Note:** If you are using a base64-encoded secret (e.g. your Auth0 secret key), you need to convert it to a Buffer: `Buffer('your secret key', 'base64')`
2014-01-14 12:30:39 +01:00
__Client side__:
```javascript
var socket = io.connect('http://localhost:9000');
socket.on('connect', function (socket) {
socket
.on('authenticated', function () {
//do other things
})
.emit('authenticate', {token: jwt}); //send the jwt
});
```
## One roundtrip
The previous approach uses a second roundtrip to send the jwt, there is a way you can authenticate on the handshake by sending the JWT as a query string, the caveat is that intermediary HTTP servers can log the url.
2012-09-05 20:14:36 +02:00
```javascript
var io = require("socket.io")(server);
var socketioJwt = require("socketio-jwt");
2012-09-05 20:14:36 +02:00
2013-11-15 15:16:16 +01:00
// set authorization for socket.io
io.set('authorization', socketioJwt.authorize({
2014-01-14 12:30:39 +01:00
secret: 'your secret or public key',
handshake: true
}));
2014-01-13 22:41:10 +01:00
io.on('connection', function (socket) {
console.log('hello! ', socket.handshake.decoded_token.name);
})
2013-11-15 15:16:16 +01:00
```
2012-11-16 16:43:12 +01:00
For more validation options see [auth0/jsonwebtoken](https://github.com/auth0/node-jsonwebtoken).
2012-11-16 16:43:12 +01:00
__Client side__:
2013-11-15 15:16:16 +01:00
2014-01-13 22:41:10 +01:00
Append the jwt token using query string:
2013-11-19 10:52:36 +01:00
```javascript
var socket = io.connect('http://localhost:9000', {
'query': 'token=' + your_jwt
2013-11-19 10:52:36 +01:00
});
```
## Contribute
2013-11-19 10:52:36 +01:00
You are always welcome to open an issue or provide a pull-request!
2013-11-15 15:16:16 +01:00
Also check out the unit tests:
```bash
npm test
```
2012-09-05 20:14:36 +02:00
2013-11-15 15:16:16 +01:00
## License
Licensed under the MIT-License.
2014-03-25 13:11:39 +01:00
2013 AUTH10 LLC.