vi / websocat

Command-line client for WebSockets, like netcat (or curl) for ws:// with advanced socat-like functions
MIT License

Authentication #52

Open alfredneu opened 5 years ago

alfredneu commented 5 years ago

Great tool, but I cannot find a way to do authenticated connects with basic auth. Could you please tell me how to achieve this or add this option?

I am working in a business environment where no server allows anonymous connections. I am quite surprised nobody missed this before.

Thanks!

alfredneu commented 5 years ago

OK, as usual: Having searched for an hour and written the request I immediately find the solution ;-)

websocat -H="Authorization: Basic "

That does the trick. Still, a command line option would be nice.

tony1661 commented 5 years ago

Hi, does anyone know how I can authenticate using WWW-Authenticate? I have tried adding the headers manually, similar to @alfredneu; however, that does not work.

vi commented 5 years ago

@tony1661, do you mean requesting authentication as a server?

That would be something like

websocat -s 1234 --server-header 'WWW-Authenticate: Basic realm="Hello from Websocat", charset="UTF-8"'

But that does not work currently, as it just allows connection without authentication.

Checking if client-supplied Basic auth is valid or not is not implemented yet.


Or do you mean interpreting WWW-Authenticate response from server and interactively asking for username and password?

Maybe a customized error message suggesting to use a new command line with auth header would happen in some future version of Websocat.

tony1661 commented 5 years ago

@vi Thanks for your response. What I am trying to do is authenticate to a web socket as a client. I am able to authenticate using curl; however, I cannot send and receive data. My curl command is below and I was wondering if I could do something similar with websocat.

curl -A "Avaya-IPOSysMonitor" --verbose --digest --user Username:Password --header 'Connection: Upgrade' --header 'Host: 36.103.125.5' --header 'Upgrade: websocket' --header 'Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==' --header 'Sec-WebSocket-Protocol: sysmonitor' --header 'Sec-WebSocket-Version: 13' 192.168.222.10/sysmonitor/

vi commented 5 years ago

--digest is non-basic HTTP authentication. It requires a repeated request and is not supported yet in Websocat.

tony1661 commented 5 years ago

@vi Gotcha. Thanks for the info!

zopieux commented 4 years ago

I just submitted https://github.com/websockets-rs/rust-websocket/pull/236 (low-level websocket crate used by this project). This is where the user credentials should be handled. Nothing should be necessary for websocat if this gets merged.

vi commented 4 years ago

WebSocat 2.0 will be based on websocket-lowlevel. websocket depends on legacy hyper 0.10, which is not going to be packaged for Debian, so it's a dependency to be removed.

Fortunately, the HTTP handling part of someday's Websocat 2.0 already turns username:password into an Authentication: Basic header.

vi commented 4 years ago

On the other hand, I can publish some additional Websocat 1.5.0 with the pull request in if you would find that useful.

zopieux commented 4 years ago

That would definitely solve the immediate issue at hand, yes. Thanks for your concern!

vi commented 4 years ago

Released v1.5.0.

jglick commented 3 years ago

Unfortunately embedding auth in the URL does not work if the username contains an @. Compare e.g.

curl -u jglick@xxx.com:s3cr3t https://some.server/

Workaround:

websocat -H="Authorization: Basic $(echo -n jglick@xxx.com:s3cr3t | base64)" wss://some.server/
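
Added example (not part of the comment above and not websocat's own code): a portable shell helper for the `-H="Authorization: Basic ..."` workaround. `basic_auth_header` is a hypothetical name; it accepts an `@` in the username, rejects a `:` there (Basic auth cannot represent it), and strips the line breaks some base64 implementations insert for long credentials.

```shell
# Hypothetical helper: prints an "Authorization: Basic ..." header for
# the given username and password, with no trailing newline.
basic_auth_header() {
    user=$1
    pass=$2
    # RFC 7617: the user-id must not contain ':' because the server
    # splits the decoded value at the first colon.
    case $user in
        *:*) echo "username must not contain ':'" >&2; return 1 ;;
    esac
    # printf replaces the non-portable 'echo -n'; tr removes the line
    # wrapping that base64 may apply to long input.
    printf 'Authorization: Basic %s' \
        "$(printf '%s:%s' "$user" "$pass" | base64 | tr -d '\n')"
}

# Usage with the sample credentials from the thread:
# websocat -H="$(basic_auth_header 'jglick@xxx.com' 's3cr3t')" wss://some.server/
```

Base64 is an encoding, not encryption, so the header is only protected in transit when the target is wss://.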

jglick commented 3 years ago

Dupe of #115? Sounds like this was resolved in c320d7970e5d6a1b8f97fd7eeccfdec6bd0851d9?