Authenticate socket.io incoming connections with JWTs.
https://www.npmjs.com/package/@thream/socketio-jwt
.github | ||
.husky | ||
.vscode | ||
src | ||
.commitlintrc.json | ||
.editorconfig | ||
.eslintrc.json | ||
.gitattributes | ||
.gitignore | ||
.lintstagedrc.json | ||
.markdownlint-cli2.jsonc | ||
.npmrc | ||
.prettierrc.json | ||
.releaserc.json | ||
.swcrc | ||
CODE_OF_CONDUCT.md | ||
CONTRIBUTING.md | ||
LICENSE | ||
package-lock.json | ||
package.json | ||
README.md | ||
tsconfig.json |
Thream/socketio-jwt
Authenticate socket.io incoming connections with JWTs.
📜 About
Authenticate socket.io incoming connections with JWTs.
This repository was originally forked from auth0-socketio-jwt and it is not intended to take any credit but to improve the code from now on.
Prerequisites
💾 Install
Note: It is a package that is recommended to use/install on both the client and server sides.
npm install --save @thream/socketio-jwt
⚙️ Usage
Server side
import { Server } from 'socket.io'
import { authorize } from '@thream/socketio-jwt'
const io = new Server(9000)
io.use(
authorize({
secret: 'your secret or public key'
})
)
io.on('connection', async (socket) => {
// jwt payload of the connected client
console.log(socket.decodedToken)
const clients = await io.sockets.allSockets()
if (clients != null) {
for (const clientId of clients) {
const client = io.sockets.sockets.get(clientId)
client?.emit('messages', { message: 'Success!' })
// we can access the jwt payload of each connected client
console.log(client?.decodedToken)
}
}
})
Server side with jwks-rsa
(example)
import jwksClient from 'jwks-rsa'
import { Server } from 'socket.io'
import { authorize } from '@thream/socketio-jwt'
const client = jwksClient({
jwksUri: 'https://sandrino.auth0.com/.well-known/jwks.json'
})
const io = new Server(9000)
io.use(
authorize({
secret: async (decodedToken) => {
const key = await client.getSigningKeyAsync(decodedToken.header.kid)
return key.getPublicKey()
}
})
)
io.on('connection', async (socket) => {
// jwt payload of the connected client
console.log(socket.decodedToken)
// You can do the same things of the previous example there...
})
Server side with onAuthentication
(example)
import { Server } from 'socket.io'
import { authorize } from '@thream/socketio-jwt'
const io = new Server(9000)
io.use(
authorize({
secret: 'your secret or public key',
onAuthentication: async (decodedToken) => {
// return the object that you want to add to the user property
// or throw an error if the token is unauthorized
}
})
)
io.on('connection', async (socket) => {
// jwt payload of the connected client
console.log(socket.decodedToken)
// You can do the same things of the previous example there...
// user object returned in onAuthentication
console.log(socket.user)
})
authorize
options
secret
is a string containing the secret for HMAC algorithms, or a function that should fetch the secret or public key as shown in the example withjwks-rsa
.algorithms
(default:HS256
)onAuthentication
is a function that will be called with thedecodedToken
as a parameter after the token is authenticated. Return a value to add to theuser
property in the socket object.
Client side
import { io } from 'socket.io-client'
import { isUnauthorizedError } from '@thream/socketio-jwt/build/UnauthorizedError.js'
// Require Bearer Token
const socket = io('http://localhost:9000', {
auth: { token: `Bearer ${yourJWT}` }
})
// Handling token expiration
socket.on('connect_error', (error) => {
if (isUnauthorizedError(error)) {
console.log('User token has expired')
}
})
// Listening to events
socket.on('messages', (data) => {
console.log(data)
})
💡 Contributing
Anyone can help to improve the project, submit a Feature Request, a bug report or even correct a simple spelling mistake.
The steps to contribute can be found in the CONTRIBUTING.md file.