mcnamee
commented
9 years ago After digging through the code, I found that a client password strategy is also implemented, giving the ability to pass through a ?access_token=XYZ through the request URL or POST an access_token variable through along with the data.
Has anyone managed to secure websockets with the bearer strategy? I've got this working perfectly with http requests, however I've read you can't add the auth header to websockets.
Is this true? If so, how have you approached it?