Add an alternative authentication method for websocket

ACINQ / phoenixd

https://phoenix.acinq.co/server

Apache License 2.0

117 stars 15 forks source link

Add an alternative authentication method for websocket #95

Closed pm47 closed 3 months ago

pm47 commented 3 months ago

The goal is to be compatible with browsers. Instead of using the basic auth method, we use the standard Sec-WebSocket-Protocol header to pass authentication information, as suggested in point 5. of https://stackoverflow.com/a/77060459.

Examples with websocat:

basic auth:

$ websocat --basic-auth :<api-password> ws://127.0.0.1:9740/websocket

protocol:

websocat --protocol <api-password> ws://127.0.0.1:9740/websocket

cc @remyers Builds on #94. Fixes #92.

remyers commented 3 months ago

fwiw - if anyone is testing this by opening the html file on a Windows system, it seems to only work with Firefox. Both Chrome and Microsoft Edge browsers failed when opening the socket. I think it's related to some security restriction put on connections without TLS.

I suspect if you connect with wss it will work on all Windows browsers.