Question: What is the wampy.js equivalent of anonymous `auth/login` and `auth/signup` calls with REST?

[MichaelJCole]

Hi, I'm new to using WAMP protocol and not sure the best place to ask a question.

I'm integrating wampy.js as a Vuex module, in the Quasar framework.

With REST calls, I can

1. Make an anonymous HTTP requests to get a bearer token
2. Then "upgrade" my authorization by setting Authorization: Bearer mytoken123 in the client's headers.

For example here is an example Vuex action to register and login a new user

import { api } from 'boot/axios'

export function register ({ commit }, form) {
  return api.post('/auth/register', form)
    .then(response => {
      // configure axios http library to use token on future requests
      api.defaults.headers.common['Authorization'] = 'Bearer ' + response.data.token
      // update vuex "store", so Vue can reactively update app
      commit('login', {token: response.data.token, user: response.data.user})  
    })
}

Is it possible to connect anonymously, pass anonymous messages, then upgrade a WAMP protocol's authentication? Can I do that with the same wampy.js instance?

If yes and no, then my feature request would be wampy.authenticate() or wampy.newSession() that I could use to upgrade the client.

What's the best WAMP way to handle anonymous auth routes like signup/signin/passwordreset/etc?

Thank you!

[KSDaemon]

Hi @MichaelJCole!

I'm integrating wampy.js as a Vuex module, in the Quasar framework.

Cool idea! I love Vue :) Had a look at Quasar too.

Some highlights on WAMP regarding ur questions:

• WAMP protocol authorizes clients on a session establishment step. It means that client connects to router (sends HELLO), if router decide to authorize client — it sends CHALLENGE message. Client must response with AUTHENTICATE, and if router authorizes client — it finally sends WELCOME message. No further authorization flows.
• Wampy.js of course supports auth challenges. See https://github.com/KSDaemon/wampy.js#challenge-response-authentication
• There is tiny additional module 'wampy-cra' for Challenge Response Authentication. But it is rather simple to write any other auth mechanisms, like ticket based. Just there was no need in it.

And what about ur questions, but i think some answers you already understand from above.

Is it possible to connect anonymously, pass anonymous messages, then upgrade a WAMP protocol's authentication? No. Thats not possible, as i understand.

At first glance, there are few options how to achieve desired flow:

• Create 2 different realms: anonimous and authorized. Use one for login/register and on success reinitialize a connection to authenticated one
• In most cases for a typical web app (cms, admin panels and etc) user first need to login. This is a standalone page. So you can use classical REST API to register/login. And then, when user is successfully loged in and redirected to main application — then use auth credentials for wamp connection. In this case you can simply use transport level auth, and there is no need for wamp authorization.

Of course thats not all. Just first that come to mind. Hope it helps!

[MichaelJCole]

Hi Konstantin, this is very helpful, thank you. I like the idea to use REST for authentication, then authorize a websocket with the token. It's clean.

It makes me think that maybe I can use REST for RPC, and hyper-express for websocket pub/sub built-in.

It's my first websocket app, and I'm not sure what I need yet. Do you have a template for a wamp app? I didn't see any repo on github for "wamp template".

Thank you for your help!