Authenticate socket.io incoming connections with JWTs. https://www.npmjs.com/package/@thream/socketio-jwt
This repository has been archived on 2024-11-11. You can view files and clone it, but cannot push or open issues or pull requests.
Go to file
2023-10-23 23:44:50 +02:00
.github chore: better Prettier config for easier reviews 2023-10-23 23:44:50 +02:00
.husky fix: bump jsonwebtoken to v9.0.0 2023-01-10 20:57:23 +01:00
.vscode build(deps): update latest 2022-09-09 11:39:27 +02:00
src chore: better Prettier config for easier reviews 2023-10-23 23:44:50 +02:00
.commitlintrc.json chore: general improvements of config files 2021-02-14 19:28:15 +01:00
.editorconfig chore: initial commit 2020-12-27 17:25:44 +01:00
.eslintrc.json refactor: usage of node:test instead of tap 2023-07-22 12:18:28 +02:00
.gitattributes feat: add isUnauthorizedError type guard 2022-02-18 17:20:59 +01:00
.gitignore feat: usage of ESM modules imports (instead of CommonJS) 2022-04-07 10:11:48 +02:00
.lintstagedrc.json build(deps): update latest 2022-09-09 11:39:27 +02:00
.markdownlint-cli2.jsonc build(deps): update latest 2023-05-13 19:25:45 +02:00
.npmrc feat: add npm package provenance 2023-05-13 19:34:01 +02:00
.prettierrc.json chore: better Prettier config for easier reviews 2023-10-23 23:44:50 +02:00
.releaserc.json chore: add semantic-release 2021-07-23 23:15:52 +02:00
.swcrc fix: update jsonwebtoken from v9.0.1 to v9.0.2 2023-09-18 21:45:05 +02:00
CODE_OF_CONDUCT.md fix: update author - Théo LUDWIG 2023-07-02 18:08:35 +02:00
CONTRIBUTING.md build(deps): update latest 2023-05-13 19:25:45 +02:00
LICENSE fix: update author - Théo LUDWIG 2023-07-02 18:08:35 +02:00
package-lock.json chore: better Prettier config for easier reviews 2023-10-23 23:44:50 +02:00
package.json chore: better Prettier config for easier reviews 2023-10-23 23:44:50 +02:00
README.md chore: better Prettier config for easier reviews 2023-10-23 23:44:50 +02:00
tsconfig.json fix: update jsonwebtoken from v9.0.1 to v9.0.2 2023-09-18 21:45:05 +02:00

Thream/socketio-jwt

Authenticate socket.io incoming connections with JWTs.

Licence MIT Contributor Covenant

Conventional Commits semantic-release npm version

📜 About

Authenticate socket.io incoming connections with JWTs.

This repository was originally forked from auth0-socketio-jwt and it is not intended to take any credit but to improve the code from now on.

Prerequisites

💾 Install

Note: It is a package that is recommended to use/install on both the client and server sides.

npm install --save @thream/socketio-jwt

⚙️ Usage

Server side

import { Server } from "socket.io"
import { authorize } from "@thream/socketio-jwt"

const io = new Server(9000)
io.use(
  authorize({
    secret: "your secret or public key",
  }),
)

io.on("connection", async (socket) => {
  // jwt payload of the connected client
  console.log(socket.decodedToken)
  const clients = await io.sockets.allSockets()
  if (clients != null) {
    for (const clientId of clients) {
      const client = io.sockets.sockets.get(clientId)
      client?.emit("messages", { message: "Success!" })
      // we can access the jwt payload of each connected client
      console.log(client?.decodedToken)
    }
  }
})

Server side with jwks-rsa (example)

import jwksClient from "jwks-rsa"
import { Server } from "socket.io"
import { authorize } from "@thream/socketio-jwt"

const client = jwksClient({
  jwksUri: "https://sandrino.auth0.com/.well-known/jwks.json",
})

const io = new Server(9000)
io.use(
  authorize({
    secret: async (decodedToken) => {
      const key = await client.getSigningKeyAsync(decodedToken.header.kid)
      return key.getPublicKey()
    },
  }),
)

io.on("connection", async (socket) => {
  // jwt payload of the connected client
  console.log(socket.decodedToken)
  // You can do the same things of the previous example there...
})

Server side with onAuthentication (example)

import { Server } from "socket.io"
import { authorize } from "@thream/socketio-jwt"

const io = new Server(9000)
io.use(
  authorize({
    secret: "your secret or public key",
    onAuthentication: async (decodedToken) => {
      // return the object that you want to add to the user property
      // or throw an error if the token is unauthorized
    },
  }),
)

io.on("connection", async (socket) => {
  // jwt payload of the connected client
  console.log(socket.decodedToken)
  // You can do the same things of the previous example there...
  // user object returned in onAuthentication
  console.log(socket.user)
})

authorize options

  • secret is a string containing the secret for HMAC algorithms, or a function that should fetch the secret or public key as shown in the example with jwks-rsa.
  • algorithms (default: HS256)
  • onAuthentication is a function that will be called with the decodedToken as a parameter after the token is authenticated. Return a value to add to the user property in the socket object.

Client side

import { io } from "socket.io-client"
import { isUnauthorizedError } from "@thream/socketio-jwt/build/UnauthorizedError.js"

// Require Bearer Token
const socket = io("http://localhost:9000", {
  auth: { token: `Bearer ${yourJWT}` },
})

// Handling token expiration
socket.on("connect_error", (error) => {
  if (isUnauthorizedError(error)) {
    console.log("User token has expired")
  }
})

// Listening to events
socket.on("messages", (data) => {
  console.log(data)
})

💡 Contributing

Anyone can help to improve the project, submit a Feature Request, a bug report or even correct a simple spelling mistake.

The steps to contribute can be found in the CONTRIBUTING.md file.

📄 License

MIT