adcentury / socketio-jwt-auth
Socket.io authentication middleware using Json Web Token
License: MIT License
I'm using Angular 2 as client and Nodejs as backend.
The issue is that error event is firing on the client side but the success event is not firing.
I can't connect to the server from an Electron app; this error kept on popping up
Can't connect to server from an electron app
socketio-jwt-auth is preventing my Electron socket.io-client from connecting.
It has the exact config as the web config, which works perfectly.
I installed the module from npm and it seems to be the 0.0.5 version, but the succeedWithoutToken parameter is not working.
I looked into the code, and it looks like something old. There is no handling of the succeedWithoutToken parameter.
It's a terrible idea to have JWT sent via query params. URLs can be logged, cached and tracked.
I can create a PR for this if it's desirable.
Hi,
The decode function of jwt-simple needs the noVerify parameter before the algorithm parameter.
So now the signature validation is not working.
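A regression check for the argument-order problem reported above, as an added example that is not part of the original issue or of the project's code. `sign`, `decode` and `accepts` are stand-in helpers written here (not jwt-simple itself) that only mirror the `decode(token, key, noVerify, algorithm)` order the report describes; the secrets and payload are constructed.

```javascript
// Added example: stand-in helpers, not jwt-simple or socketio-jwt-auth code.
const crypto = require('crypto');

const b64url = (s) => Buffer.from(s).toString('base64url');
const hmac = (data, key) => crypto.createHmac('sha256', key).update(data).digest();

// Issue an HS256 token (used only to build the constructed samples below).
function sign(payload, key) {
  const head = b64url(JSON.stringify({ typ: 'JWT', alg: 'HS256' }));
  const body = b64url(JSON.stringify(payload));
  const signingInput = head + '.' + body;
  return signingInput + '.' + b64url(hmac(signingInput, key));
}

// Same parameter order as the report describes: noVerify comes third.
function decode(token, key, noVerify, algorithm) {
  const [head, body, sig] = token.split('.');
  if (!head || !body || !sig) throw new Error('malformed token');
  if (!noVerify) {
    if ((algorithm || 'HS256') !== 'HS256') throw new Error('unsupported algorithm');
    const expected = hmac(head + '.' + body, key);
    const given = Buffer.from(sig, 'base64url');
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
      throw new Error('signature verification failed');
    }
  }
  return JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
}

// True when the given decode call accepts the token without throwing.
function accepts(callDecode, token) {
  try { callDecode(token); return true; } catch (err) { return false; }
}

// Constructed samples: one token signed with the server secret, one with another key.
const SERVER_SECRET = 'constructed-server-secret';
const genuine = sign({ sub: 'alice' }, SERVER_SECRET);
const foreign = sign({ sub: 'alice' }, 'constructed-other-key');

// Misordered: 'HS256' lands in the noVerify slot and is truthy, so no check runs.
const misordered = (t) => decode(t, SERVER_SECRET, 'HS256');
// Correct: noVerify is explicitly false and the algorithm is the fourth argument.
const correct = (t) => decode(t, SERVER_SECRET, false, 'HS256');

console.log('misordered call accepts foreign token:', accepts(misordered, foreign));
console.log('correct call accepts foreign token:', accepts(correct, foreign));
console.log('correct call accepts genuine token:', accepts(correct, genuine));
```

A test of this shape, with a token signed by a key the server does not hold, is the check that catches a skipped signature verification; a test that only feeds valid tokens passes either way.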
I have a problem; it would be good for you to make a simple test on a place like StackBlitz,
because I tried anyway and this package does not work!
// Server Side
const express = require('express');
const server = express();
const app = require('http').createServer(server);
const io = require('socket.io')(app);
var jwtAuth = require('socketio-jwt-auth');
io.use(jwtAuth.authenticate({
  secret: 'your_secret',
  algorithm: 'HS256',
  succeedWithoutToken: true
}, function(payload, done) {
  // This part never works
  console.log('work')
}));
io.on('connection', function(socket) {
  socket.emit('success', {
    message: 'success logged in!',
    user: socket.request.user
  });
});
// Client Side
const socket = io('ws://127.0.0.1:3002', { query: `auth_token=x`});
socket.on('error', function(err) {
  console.log(err)
});
socket.on('success', function(data) {
  console.log(data);
})
Response
My case is the following
When a user connects as a guest, before supplying login credentials, he gets connected. That's nice!
On the client side, when I successfully log in to the application, the returned JWT is saved in localStorage. But the socket doesn't know anything about that.
In order to fix this I need to refresh the page to use the token from localStorage from my login to send to the socket server.
I hacked the code a little in my authentication function... to let the socket know that the user is connected
socket.request.user = {...person, logged_in: true };
Do you have a better method or a real world example for this?
Thanks.
In my token, I set the expiration to be 60 minutes. However, the authenticate() method continues to treat the token as valid after expiration. Is there something I am doing wrong, or does this library not support token expiration?
@adcentury In light of Auth0 stopping support for their socketio-jwt (https://github.com/auth0-community/socketio-jwt/issues/131) library, what were your plans for this project going forward?
Specifically...
Is it possible to use multiple authentications for multiple namespaces?
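io.use(jwtAuth.authenticate({ secret: config.jwtSecret }, async (payload, done) => {
  // Reject when the payload or its subject claim is missing
  // (|| rather than &&, so a missing payload is rejected instead of throwing)
  if (!payload || !payload.sub) return done(null, false, "invalid token");
  try {
    // Look up the user named by the token's subject claim
    const user = await User.findOne({uniqueID: payload.sub});
    if (!user) {
      return done(null, false, 'user not found.');
    }
    return done(null, user);
  } catch (error) {
    return done(error);
  }
}))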