Closed dominykas closed 5 years ago
@dominykas This is mostly done now. Need to update the API doc. Requires hapi v17.8.1 which is reflected in the plugin requirements.
When a websocket requires authentication, and the server uses some sort of token based authentication, the credentials usually have a limited lifetime. The `nes` clients are free to `overrideReconnectionAuth()` and provide new credentials for the case when the websocket drops, however if the websocket does not drop - it still assumes the old credentials on the server side. This means that the websocket is open to send/receive information even though the client may no longer have valid credentials, which could be a security issue in some contexts.
Proposal
`auth.expiresAt` callback.
When the authentication endpoint accepts valid credentials, it should
After the client authenticates, the server should `const expiresAt = await auth.expiresAt(request.auth);`. `const expiresAt = await auth.expiresAt(credentials, artifacts);`.
`expiresAt` time. `undefined` means never expire.
`overrideReconnectionAuth()` `reauthenticate()`, it should also make a request to the authentication endpoint, so that the server can update the `expiresAt` time and extend the websocket lifetime.
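The expiry tracking this proposal describes, as an added example that is not part of the original issue and is not nes code. `SocketExpiryRegistry`, `record`, `sweep`, `fakeSocket` and `demo` are hypothetical names, and the sockets and timestamps are constructed; the server is assumed to pass in the value it got from the proposed `auth.expiresAt` callback.

```javascript
'use strict';

// Added illustration, not nes code: keep one expiry per open socket and
// close sockets whose credentials have lapsed.
class SocketExpiryRegistry {
    constructor() {
        this.expiries = new Map();   // socket -> epoch ms, or undefined
    }

    // Record the value the server obtained from the proposed
    // auth.expiresAt(credentials, artifacts) callback. Call it after the
    // initial authentication and again after every reauthentication, so
    // fresh credentials extend the socket lifetime.
    record(socket, expiresAt) {
        if (expiresAt !== undefined && !Number.isFinite(expiresAt)) {
            throw new TypeError('expiresAt must be epoch ms or undefined');
        }
        this.expiries.set(socket, expiresAt);
    }

    // Close every socket whose credentials expired at or before `now`.
    // undefined means never expire. Returns the sockets that were closed.
    sweep(now = Date.now()) {
        const closed = [];
        for (const [socket, expiresAt] of this.expiries) {
            if (expiresAt !== undefined && expiresAt <= now) {
                socket.close();
                this.expiries.delete(socket);
                closed.push(socket);
            }
        }
        return closed;
    }
}

// Constructed stand-in for a websocket; only close() is needed here.
const fakeSocket = (id) => ({ id, open: true, close() { this.open = false; } });

// Constructed scenario: a and b authenticate with tokens expiring at
// t=100s, c has no expiry, and b reauthenticates with a token good to t=200s.
function demo() {
    const registry = new SocketExpiryRegistry();
    const [a, b, c] = ['a', 'b', 'c'].map(fakeSocket);
    registry.record(a, 100_000);
    registry.record(b, 100_000);
    registry.record(c, undefined);
    registry.record(b, 200_000);
    const closedAt150 = registry.sweep(150_000).map((s) => s.id);
    const closedAt250 = registry.sweep(250_000).map((s) => s.id);
    return { closedAt150, closedAt250, open: { a: a.open, b: b.open, c: c.open } };
}
```

A server would run `sweep()` on a timer, or schedule one timeout per socket at its recorded expiry.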