1cg
commented
1 year ago @Renerick can you answer this?
Closed kessero closed 1 year ago
1cg
commented
1 year ago @Renerick can you answer this?
Renerick
commented
1 year ago @kessero Hi!
AFAIK, there is no way to pass the credentials to the WebSocket itself.
https://devcenter.heroku.com/articles/websocket-security#authentication-authorization
Since you cannot customize WebSocket headers from JavaScript, you’re limited to the “implicit” auth (i.e. Basic or cookies) that’s sent from the browser.
If you use separate server with a different origin, using cookies or basic auth is not possible, so you would have to pass some sort of authentication token in the URL (the link above talks about it as well)
Could you please elaborate on your authentication schema?
kessero
commented
1 year ago I use mosquitto/mqtt on port 1883 and websocket on port 8080. For now i have some script in js witch paho js do the job. All comunication is secure by username and password.
Renerick
commented
1 year ago paho.js is a wrapper around websockets and it implements it's own messaging protocol (including its own authorization https://github.com/eclipse/paho.mqtt.javascript/blob/master/src/paho-mqtt.js#L410-L413).
ws.js is designed to work with simple "raw" sockets, passing around JSON and HTML. As such, it is not possible to use ws.js with mosquitto socket, including authorization, as it would require to basically reimplement mqtt-over-websocket protocol.
Renerick
commented
1 year ago I'm going to close this issue as supporting mqtt is out of scope for the websockets extension. Implementing this would likely require a whole separate extension with extra options to support authorization and other paho.js features. As an example, this is how I did it with SignalR-htmx integration extension https://github.com/Renerick/htmx-signalr
Feel free to reach out and reopen this issue if you've got any remaining questions! Thanks
Is there a way to add credentials (login and password) to authorize connection?