voryx / Thruway

PHP Client and Router Library for Autobahn and WAMP (Web Application Messaging Protocol) for Real-Time Application Messaging
MIT License
676 stars 117 forks source link

[Question] authentication through jwt #349

Closed ChargemapHakan closed 3 years ago

ChargemapHakan commented 3 years ago

Hi,

I've set up a router, and added an authentication with JWT. That seems to work fine with Autobahn with all the challenges and stuff. However, what I need to do now is to extract data from the jwt token and store / associate them to the client session (ClientSession object). Extracting the data in the processAuthenticate method is not a problem but I don't have any link to the client session here. Also, I don't know how to set custom data in a session object. How should I do that ? I am not sure that this can be done in the processAuthenticate method and can't seem to find anything related to the session in the preProcessAuthenticate method neither.

Also, when a user subscribes to a topic, I would like to ensure that the user has the right to subscribe (based on the data we extracted from the JWT). Let's say we extracted userId 1234 from the JWT, and the same session subscribes to thread_9876_notifications. What I want to do is that on the subscribe event, I would like to check if the user 1234 has the right to access the thread 9876. How would this be possible ?

Thanks a lot guys :-)