search

deepstreamIO / deepstream.io-client-java

The Java/Android Client for deepstream.io
Other
35 stars 37 forks source link

Sending HTTP Headers with DeepStreamClient.login() #96

Open little-vista-dev opened 7 years ago

little-vista-dev commented 7 years ago

We are looking to incorporate deepstream into our applications. The scenario is that we have a REST API that acts as 'publisher' and a number of connected javascript/mobile based clients. Our API has an authentication endpoint that expects either a cookie or header as an authentication token. This end point is configured into the deepstream server as the authentication mechanism.

Each browser client authenticates with our API and receives a JWT token that is passed back to the browser as a cookie. This cookie is then forwarded with the javascript request to login to deepstream. All good so far..

We now need to authenticate from within the API itself (on the java side of the house). In order to do this I was thinking that the 'publisher' code in the API generates a JWT token for itself and then this token be attached as a header and/or cookie along with the call to DeepStreamClient.login(); The idea being that the deepstream server will pass this token back into the API via the http authentication mechanism.

But I cannot see a way to supply a header value or cookie to the login from the java client. Can you please help?

yasserf commented 7 years ago

hey @little-vista

Would it not be possible for you to send the token as an argument with login

DeepstreamClient.login({ token: jwtToken })

which can then be accessed by the permission plugin on deepstream rather than retrieving it from a cookie or session?

little-vista-dev commented 7 years ago

@yasserf Can you explain how that works? I want to delegate authentication completely to our API end point. That is, deepstream is setup to call out to our API authentication end point and it is this end point that validates the token. The end point has to work for apps (which we can do via a header value, browser for which we supply a cookie)

Let me see if I understand what you mean. By adding the jwt as an attribute of the login data, this is then forwarded to the API end point. What structure of json should that end point expect based on your suggestion?