2
1
mirror of https://github.com/Thream/socketio-jwt.git synced 2024-07-21 09:38:31 +02:00
Authenticate socket.io incoming connections with JWTs. https://www.npmjs.com/package/@thream/socketio-jwt
Go to file
Oscar 29b3882355 Make it look for both kinds of query
add a check on req.query along with req._query for different versions
2014-06-06 13:09:06 -05:00
example fix #3 2014-02-07 11:11:14 -02:00
lib Make it look for both kinds of query 2014-06-06 13:09:06 -05:00
test fixed all broken tests with socket.io 1.0, close #10 2014-06-05 15:45:41 -03:00
.gitignore initial 2012-09-05 15:14:36 -03:00
LICENSE.md add license, close #2 2014-03-14 20:31:04 -03:00
package.json 2.3.0 2014-06-05 15:46:16 -03:00
README.md add support for socket.io 1.0 2014-06-03 08:12:07 -03:00

Authenticate socket.io incoming connections with JWTs. This is useful if you are build a single page application and you are not using cookies as explained in this blog post: Cookies vs Tokens. Getting auth right with Angular.JS.

Installation

npm install socketio-jwt

Example usage

// set authorization for socket.io
io.sockets
  .on('connection', socketioJwt.authorize({
    secret: 'your secret or public key',
    timeout: 15000 // 15 seconds to send the authentication message
  })).on('authenticated', function(socket) {
    //this socket is authenticated, we are good to handle more events from it.
    console.log('hello! ' + socket.decoded_token.name);
  }));

Client side:

var socket = io.connect('http://localhost:9000');
socket.on('connect', function (socket) {
  socket
    .on('authenticated', function () {
      //do other things
    })
    .emit('authenticate', {token: jwt}); //send the jwt
});

One roundtrip

The previous approach uses a second roundtrip to send the jwt, there is a way you can authenticate on the handshake by sending the JWT as a query string, the caveat is that intermediary HTTP servers can log the url.

var io            = require("socket.io")(server);
var socketioJwt   = require("socketio-jwt");

//// With socket.io < 1.0 ////
io.set('authorization', socketioJwt.authorize({
  secret: 'your secret or public key',
  handshake: true
}));
//////////////////////////////

//// With socket.io >= 1.0 ////
io.use(socketioJwt.authorize({
  secret: 'your secret or public key',
  handshake: true
}));
///////////////////////////////

io.on('connection', function (socket) {
  console.log('hello! ', socket.handshake.decoded_token.name);
})

For more validation options see auth0/jsonwebtoken.

Client side:

Append the jwt token using query string:

var socket = io.connect('http://localhost:9000', {
  'query': 'token=' + your_jwt
});

Contribute

You are always welcome to open an issue or provide a pull-request!

Also check out the unit tests:

npm test

License

Licensed under the MIT-License. 2013 AUTH10 LLC.