sockets - How to authenticate with Node.js/Express + Passport + Websockets? -

-

i building angular2-login-seed uses passport.js oauth strategies authentication. default method of authentication these tools use of http cookie signed express. passport, can tell, manages actual set cookie header express can authenticate each subsequent request via request.isauthenticated() , access data set passport via req.session.passport.datahere.

i want incorporate realtime data in application via websockets. of course means socket stream coming server client. communication entirely separate regular http server request meaning:

  1. it not contain http cookie http requests contain

  2. express not broker interaction sockets, managed whatever implementation used in backend (sock.js, socket.io)

this makes difficult streamline authentication between http requests express, , websocket data backend separate methods of communication.

from research, leaves me 2 options. 1 of use library give socket implementation (preferably sock.js on socket.io need more research) access express session. authenticate socket connection want. issue have no idea how express cookie stream front since javascript cannot access (http cookie).

another common solution i've seen people jump use jwts (json web tokens). implementations revolving around store jwt in localstorage on front end. spa (in case angular2 services) send every request 'stateless' server authentication , send via websocket authenticate websocket connection (the front end js has access localstorage obviously). couple things come mind when thinking implementation:

  1. is possible have passport oauth strategies use jwt instead of regular session information? modification entail? can tell passport strategies use form of oauth1 or oauth2 parent strategies authentication defaults using cookies.

  2. would storing vital information in localstorage open application security breaches (xss, csrf, etc)

  3. if so, common workaround i've seen store jwt in cookie cannot accessed, spoofed, or forged. puts me in position in before using jwt, might not bother.

  4. does mean i'd have use sort of state management store in backend (redis example) manage authentication , decoding of jwt body? (i know nothing redis, etc).

the idea of connecting authentication between server http requests , socket data odd seemingly vital authenticating socket connection. i'm little surprised easier method not exist. i've done research , have seen things such socketio-jwt, express-jwt, etc don't know if manageable transition passport strategies, or if easier opening express session data socket implementation, or if i'm going wrong!

any or guidance appreciated thanks.

then authenticate socket connection want. issue have no idea how express cookie stream front since javascript cannot access (http cookie).

with express-socket.io-session session auth done on handshake, , handshake http request, if cookies http-only work. (tested myself)


Comments

Post a Comment

Popular posts from this blog

html - Styling progress bar with inline style -

-
i trying set progress bar color red using inline style. need in way because have access <body> part of document. style need apply: progress { color: red } progress::-moz-progress-bar { background: red;} progress::-webkit-progress-value { background: red; } progress[aria-valuenow]:before { background: red; } i tried <progress style="background: red;"> incorrect effect, progress bar color turns blue red background. guide right direction desired style? thank in advance. here live example: https://jsfiddle.net/z36d3f6l/
Read more

java - Oracle Sql developer error: could not install some modules -

-
i have downloaded fresh copy of sqldeveloper ( sqldeveloper-4.1.3.20.78-no-jre ) oracle website. when unzip , lauch gui, keep getting following error message: warning - not install modules: dynamic module config - no module providing capability org.netbeans.netbinox found. my system: windows 7 32 bit hp probook. jdk 1.6 , 1.7, 1.8 available in java/jdk subdirectory. netbeans 8.0.2 installed finally got way out after dirty hours. extracted sqldeveloper zip in nested directory. i.e: e://a/b/c/sqldeveloper. starting sqldeveloper gui above directory threw erros. solution: go in c:\users**username**\appdata\roaming : delete sql developer , sqldeveloper folders extract sql developer zip in new non nested directory. i.e: e:// start , should work now reference: https://community.oracle.com/thread/3870680?start=0&tstart=0
Read more

How to use autoclose brackets in Jupyter notebook? -

-
this may sound silly question, how make use of autoclose brackets in jupyter notebook? example, when type print( jupyter notebook auto-closes brakets print() and places cursor inside. type argument, say print(1 + 1) now cursor between second 1 , right bracket ) . key navigate right of ) ? of course can press end or → or ) achieve this, not seem save time, purpose of brackets autoclose suppose? thanks in advance.
Read more