Authenticate socket.io incoming connections with JWTs. https://www.npmjs.com/package/@thream/socketio-jwt
This repository has been archived on 2024-11-11. You can view files and clone it, but cannot push or open issues or pull requests.
José F. Romaniello b0f4354ecb add noqs method
2014-01-13 18:41:10 -03:00

Authenticate socket.io incoming connections with JWTs. This is useful if you are building a single page application and you are not using cookies, as explained in this blog post: Cookies vs Tokens. Getting auth right with Angular.JS.

Installation

npm install socketio-jwt

Example usage

var server        = require("http").createServer(); // HTTP server that socket.io attaches to
var io            = require("socket.io")(server);
var socketioJwt   = require("socketio-jwt");

// set authorization for socket.io
io.set('authorization', socketioJwt.authorize({
  secret: 'your secret or public key'
}));

io.on('connection', function (socket) {
  console.log('hello! ', socket.handshake.decoded_token.name);
});

For more validation options see auth0/jsonwebtoken.

Client side:

Append the jwt token using query string:

var socket = io.connect('http://localhost:9000', {
  'query': 'token=' + your_jwt
});

Second method, without querystrings

The previous approach sends the token in the query string, where it could be logged by intermediary HTTP proxies. This second method doesn't, but it requires an extra round trip. Take care with this method to filter unauthenticated sockets when broadcasting.

// set authorization for socket.io
io.sockets.on('connection', socketioJwt.authorize({
  secret: 'your secret or public key',
  timeout: 15000 // 15 seconds to send the authentication message
}, function(socket) {
  //this socket is authenticated, we are good to handle more events from it.
  console.log('hello! ' + socket.decoded_token.name);
}));

Client side:

With this method the client sends the jwt token in an authenticate message after connecting, instead of in the query string:

var socket = io.connect('http://localhost:9000');
// the 'connect' callback takes no argument; keep using the outer socket
socket.on('connect', function () {
  socket
    .on('authenticated', function () {
      //do other things
    })
    .emit('authenticate', {token: jwt}); //send the jwt
});
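
The warning above about filtering unauthenticated sockets when broadcasting, shown as an added example that is not part of the original README or the socketio-jwt code. Assumptions: sockets are stand-in EventEmitters, `sign`/`verify` are a minimal HS256 helper standing in for auth0/jsonwebtoken, and `onConnection`, `broadcastAuthenticated` and the `unauthorized` event are hypothetical names.

```javascript
// Added example; stand-in sockets are EventEmitters, not real socket.io sockets.
const crypto = require('crypto');
const { EventEmitter } = require('events');

const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const mac = (data, secret) =>
  crypto.createHmac('sha256', secret).update(data).digest();

// Constructed HS256 token helper, only so the example runs offline.
function sign(payload, secret) {
  const data = enc({ alg: 'HS256', typ: 'JWT' }) + '.' + enc(payload);
  return data + '.' + mac(data, secret).toString('base64url');
}

// Returns the payload, or null for a bad format, algorithm, signature or expiry.
function verify(token, secret) {
  const [head, body, sig, extra] = String(token).split('.');
  if (!head || !body || !sig || extra !== undefined) return null;
  try {
    if (JSON.parse(Buffer.from(head, 'base64url')).alg !== 'HS256') return null;
    const given = Buffer.from(sig, 'base64url');
    const want = mac(head + '.' + body, secret);
    if (given.length !== want.length || !crypto.timingSafeEqual(given, want)) return null;
    const payload = JSON.parse(Buffer.from(body, 'base64url'));
    return payload.exp && Date.now() / 1000 >= payload.exp ? null : payload;
  } catch (e) {
    return null; // malformed base64url or JSON
  }
}

// Server side: a connected socket stays unauthenticated until it sends a valid token.
function onConnection(socket, secret) {
  socket.decoded_token = null;
  socket.on('authenticate', (msg) => {
    const payload = verify(msg && msg.token, secret);
    if (!payload) return socket.emit('unauthorized'); // hypothetical event name
    socket.decoded_token = payload;
    socket.emit('authenticated');
  });
}

// Broadcast helper: skip every socket that has not authenticated yet.
function broadcastAuthenticated(sockets, event, data) {
  const receivers = sockets.filter((s) => s.decoded_token);
  receivers.forEach((s) => s.emit(event, data));
  return receivers.length;
}
```

A socket that connected but has not yet sent a valid token, or sent one signed with another key, is left out of the broadcast.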

Contribute

You are always welcome to open an issue or provide a pull-request!

Also check out the unit tests:

npm test

License

Licensed under the MIT-License. 2013 AUTH10 LLC.