Thream/socketio-jwt
Archived
2
1
Fork 0
Code Issues Pull Requests Releases Activity

change the API

Browse Source
This commit is contained in:
José F. Romaniello
2014-01-14 08:30:39 -03:00
parent b0f4354ecb
commit b292ab75af
4 changed files with 47 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

61
README.md
View File

@@ -8,6 +8,34 @@ npm install socketio-jwt
## Example usage
```javascript
// set authorization for socket.io
io.sockets
.on('connection', socketioJwt.authorize({
secret: 'your secret or public key',
timeout: 15000 // 15 seconds to send the authentication message
}).on('authenticated', function(socket) {
//this socket is authenticated, we are good to handle more events from it.
console.log('hello! ' + socket.decoded_token.name);
}));
```
__Client side__:
```javascript
var socket = io.connect('http://localhost:9000');
socket.on('connect', function (socket) {
socket
.on('authenticated', function () {
//do other things
})
.emit('authenticate', {token: jwt}); //send the jwt
});
```
## One roundtrip
The previous approach uses a second roundtrip to send the jwt, there is a way you can authenticate on the handshake by sending the JWT as a query string, the caveat is that intermediary HTTP servers can log the url.
```javascript
var io = require("socket.io")(server);
@@ -15,7 +43,8 @@ var socketioJwt = require("socketio-jwt");
// set authorization for socket.io
io.set('authorization', socketioJwt.authorize({
secret: 'your secret or public key'
secret: 'your secret or public key',
handshake: true
}));
io.on('connection', function (socket) {
@@ -35,36 +64,6 @@ var socket = io.connect('http://localhost:9000', {
});
```
## Second method, without querystrings
The previous approach send the token through querystring which could be logged by intermediary HTTP proxies. This second method doesn't but it requires an extra roundtrip. __Take care with this method to filter unauthenticated sockets when broadcasting.__
```javascript
// set authorization for socket.io
io.sockets.on('connection', socketioJwt.authorize({
secret: 'your secret or public key',
timeout: 15000 // 15 seconds to send the authentication message
}, function(socket) {
//this socket is authenticated, we are good to handle more events from it.
console.log('hello! ' + socket.decoded_token.name);
}));
```
__Client side__:
For now the only way to append the jwt token is using query string:
```javascript
var socket = io.connect('http://localhost:9000');
socket.on('connect', function (socket) {
socket
.on('authenticated', function () {
//do other things
})
.emit('authenticate', {token: jwt}); //send the jwt
});
```
## Contribute
You are always welcome to open an issue or provide a pull-request!