cpunion / react-actioncable-provider

MIT License

Passing headers while establishing the contact #51

Open abdulbasit1248 opened 2 years ago

abdulbasit1248 commented 2 years ago

Could anyone explain how we can pass the auth-token in ActionCableProvider in order to authenticate the user in the backend Rails app? One way is to pass the auth-token in the URL string, but it is not a secure method. The auth token can be seen easily in the logs at the backend.

cameronbourgeois commented 1 year ago

I'm just setting this up, and I agree that this would be a very useful feature.

One solution I am thinking of is to create a new API endpoint that generates and returns a nonce with an expiry date for the authenticated user. That nonce can then be passed via the URL to the ActionCableProvider and then used to authenticate the user in my ApplicationCable::Connection. That way we aren't exposing the user's primary authentication token via the URL.
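A sketch of the server side of the nonce approach described in the comment above, as an added example that is not part of the thread or of react-actioncable-provider. The class name `CableTicketStore`, the 30-second lifetime and the in-memory hash are assumptions; a multi-process Rails deployment would need a shared store instead.

```ruby
require "securerandom"
require "digest"

# Hypothetical store for single-use, short-lived connection tickets.
# In-memory for illustration only (assumption); not shared across processes.
class CableTicketStore
  def initialize(ttl: 30, clock: -> { Time.now.to_f })
    @ttl = ttl             # lifetime in seconds (assumed value)
    @clock = clock         # injectable so expiry can be exercised in tests
    @tickets = {}          # SHA-256(ticket) => [user_id, expires_at]
    @lock = Mutex.new
  end

  # Called by an API endpoint that has already authenticated the user with
  # the primary token (sent in a header). Returns the value to put in the URL.
  def issue(user_id)
    ticket = SecureRandom.urlsafe_base64(32)
    @lock.synchronize do
      purge_expired
      # Only the digest is kept, so a dump of the store yields no usable ticket.
      @tickets[digest(ticket)] = [user_id, @clock.call + @ttl]
    end
    ticket
  end

  # Called when the WebSocket connects. Returns the user id, or nil to reject.
  # The entry is deleted on first use, so a ticket that later shows up in a
  # request log has already been spent.
  def redeem(ticket)
    return nil unless ticket.is_a?(String) && !ticket.empty?
    user_id, expires_at = @lock.synchronize { @tickets.delete(digest(ticket)) }
    return nil if user_id.nil? || @clock.call > expires_at
    user_id
  end

  private

  def digest(ticket)
    Digest::SHA256.hexdigest(ticket)
  end

  def purge_expired
    now = @clock.call
    @tickets.delete_if { |_digest, (_user_id, expires_at)| now > expires_at }
  end
end
```

In `ApplicationCable::Connection#connect`, the value would be read from `request.params` (the parameter name is up to the application) and the connection refused with `reject_unauthorized_connection` when `redeem` returns nil.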