yamcs / yamcs

A framework for mission control
https://yamcs.org
GNU Affero General Public License v3.0

Facing issues in authenticating with YAMCS websockets in browser using JavaScript #843

Open bangpradyumna opened 10 months ago

bangpradyumna commented 10 months ago

Hello, I am trying to connect to the YAMCS websocket from a JavaScript-based webapp, but it turns out the popular WebSocket library doesn't support sending Authentication headers during the connection.

Please suggest some ways to authenticate with YAMCS websockets using JavaScript running in the browser. I tried reading the code for webapp-sdk but couldn't really find WebsocketClient sending the access_token at all during the connection request. Am I missing something?

I'd really appreciate any help in this regard,

Thank you,
Pradyumna

fqqb commented 10 months ago

That's a browser limitation. yamcs-web works around this by storing the access token to a cookie, which then gets sent on the websocket request.

The code on the server-side which handles this is here: https://github.com/yamcs/yamcs/blob/ebcdc82a2bb85d4945a97673626b0a42a30f69c8/yamcs-core/src/main/java/org/yamcs/http/HttpHandler.java#L106

That should be improved at some point, and there's a few ways to do that, but please see if this is working for you.
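The cookie workaround described in the comment above, seen from the server side, as an added example (not code from the Yamcs project or from either commenter). The cookie name `access_token`, the function names and the origin allow-list are assumptions; the Origin check is included because a server that accepts a cookie as the WebSocket credential has to decide which pages may start the handshake.

```javascript
// Added example. COOKIE_NAME is a hypothetical cookie name, not taken from Yamcs.
const COOKIE_NAME = 'access_token';

// Parse a Cookie request header into a name -> value map.
function parseCookies(header) {
  const jar = new Map();
  for (const part of (header || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq < 0) continue;                      // not a name=value pair
    const name = part.slice(0, eq).trim();
    if (!name) continue;                       // nameless pair
    let value = part.slice(eq + 1).trim();
    try { value = decodeURIComponent(value); } catch { /* keep raw value */ }
    if (!jar.has(name)) jar.set(name, value);  // first occurrence wins
  }
  return jar;
}

// Pick the credential out of a WebSocket upgrade request.
// headers: object with lower-cased header names (as Node's http module gives them).
// allowedOrigins: exact origins permitted to authenticate by cookie.
function tokenFromUpgrade(headers, allowedOrigins) {
  // Non-browser clients can send the header directly.
  const m = /^Bearer\s+(\S+)$/i.exec(headers['authorization'] || '');
  if (m) return { ok: true, source: 'header', token: m[1] };

  // Browser clients cannot set headers on `new WebSocket(url)`, so fall back
  // to the cookie the web app stored before connecting.
  const token = parseCookies(headers['cookie']).get(COOKIE_NAME);
  if (!token) return { ok: false, reason: 'no-credentials' };

  // The same-origin policy does not apply to WebSocket handshakes, and the
  // browser may attach the cookie to a handshake started by another site's
  // page (depending on SameSite), so tie cookie auth to an expected Origin.
  const origin = headers['origin'];
  if (!origin || !allowedOrigins.includes(origin)) {
    return { ok: false, reason: 'origin-not-allowed' };
  }
  return { ok: true, source: 'cookie', token };
}
```
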

bangpradyumna commented 10 months ago

> That's a browser limitation. yamcs-web works around this by storing the access token to a cookie, which then gets sent on the websocket request.
>
> The code on the server-side which handles this is here: https://github.com/yamcs/yamcs/blob/ebcdc82a2bb85d4945a97673626b0a42a30f69c8/yamcs-core/src/main/java/org/yamcs/http/HttpHandler.java#L106
>
> That should be improved at some point, and there's a few ways to do that, but please see if this is working for you.

Thanks a lot @fqqb. Unfortunately, it's not possible to use the cookie method since we don't plan on hosting the frontend and yamcs on the same domain. It looks like you can't send cookies if the domains are different (please correct me if I'm wrong).

Would it be possible to elaborate on the other ways of doing this that you mentioned?

Thanks again

fqqb commented 10 months ago

For cross-domain, or really any advanced requirements, I'd look into handling authentication outside of Yamcs, like with Keycloak (via OpenIDAuthModule) or Apache/nginx (via RemoteUserAuthModule).

A pure-Yamcs non-cookie browser solution for WebSocket would involve some new development.