sodazone / ocelloids-services

Ocelloids Service Layer
https://ocelloids.net
Apache License 2.0

Web Sockets Authentication #32

Closed mfornos closed 7 months ago

mfornos commented 8 months ago

On open, send JWT authentication.

We do this instead of:

  1. Use query string. Even if the query string is encrypted with TLS, we prefer not to expose the token in a query string.
  2. Protocol negotiation hack. It breaks the intended subprotocol semantics for WebSockets, so there is no reason to abuse it.
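
A server-side sketch of the approach described in the comment above, added here as an example and not taken from the ocelloids-services code: the first frame after open must be a valid JWT, and no application frame is dispatched before it. The function names, the HS256 shared secret, the 5-second deadline and the 1008 (policy violation) close code are assumptions made for the example.

```javascript
// Added example: first-frame JWT gate for a WebSocket server (HS256 only, Node.js built-ins).
const crypto = require('node:crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');

// Demo helper that mints an HS256 token; a real deployment receives tokens from its issuer.
function signJwt(claims, secret) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(claims));
  const sig = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest();
  return `${head}.${body}.${b64url(sig)}`;
}

// Returns the claims, or null when the token is malformed, not HS256, forged or expired.
function verifyJwt(token, secret, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  try {
    const header = JSON.parse(Buffer.from(parts[0], 'base64url').toString());
    if (header.alg !== 'HS256') return null; // pin the algorithm; rejects "none"
    const expected = crypto.createHmac('sha256', secret).update(`${parts[0]}.${parts[1]}`).digest();
    const given = Buffer.from(parts[2], 'base64url');
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
    const claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
    return typeof claims.exp === 'number' && claims.exp > nowSec ? claims : null;
  } catch { return null; }
}

// Gates one connection. `socket` only needs close(code, reason);
// `onMessage(claims, data)` is the application handler, reached only after authentication.
function gateConnection(socket, secret, onMessage, timeoutMs = 5000) {
  let claims = null, closed = false;
  const reject = (reason) => { closed = true; socket.close(1008, reason); };
  const timer = setTimeout(() => reject('auth timeout'), timeoutMs);
  return function handleFrame(data) {
    if (closed) return;                          // drop frames after a rejection
    if (claims) return onMessage(claims, data);  // already authenticated
    clearTimeout(timer);
    claims = verifyJwt(data, secret);
    if (!claims) reject('invalid token');
  };
}
```

Wire `handleFrame` to the connection's message event. The gate checks `exp` only once, so a long-lived connection needs its own re-authentication or expiry policy.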

mfornos commented 8 months ago

related: #6 #7