Authenticate incoming socket.io connections with JWTs. This is useful if you are building a single-page application and are not using cookies, as explained in this blog post: Cookies vs Tokens. Getting auth right with Angular.JS.
Installation
npm install socketio-jwt
Example usage
// set authorization for socket.io
io.sockets ;
Note: If you are using a base64-encoded secret (e.g. your Auth0 secret key), you need to convert it to a Buffer: Buffer.from('your secret key', 'base64')
Client side:
var socket = io;
socket;
One roundtrip
The previous approach uses a second roundtrip to send the JWT. You can instead authenticate during the handshake by sending the JWT as a query string. The caveat is that intermediary HTTP servers can log the URL.
var io = server;
var socketioJwt = ;

//// With socket.io < 1.0 ////
io;
//////////////////////////////

//// With socket.io >= 1.0 ////
io;
///////////////////////////////

io
For more validation options see auth0/jsonwebtoken.
Client side:
Append the JWT using the query string:
var socket = io;
Handling token expiration
Server side:
When you sign the token with an expiration time:
var token = jwt;
Your client-side code should handle it as below.
Client side:
socket;
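The note on base64-encoded secrets and the expiration section both come down to what the verifier does with the key bytes and the `exp` claim. The following is an added example, not code from socketio-jwt or jsonwebtoken: it implements an HS256 check with Node's built-in `crypto` module only, and the names `signHS256`, `verifyHS256` and `demo`, the secret and the clock value are constructed for illustration.

```javascript
// Added example: HS256 check using only Node's built-in crypto module.
const crypto = require('crypto');

const enc = (value) => Buffer.from(value).toString('base64url');
const hmac = (key, data) => crypto.createHmac('sha256', key).update(data).digest();
const parse = (segment) => {
  try { return JSON.parse(Buffer.from(segment, 'base64url').toString('utf8')); }
  catch { return null; }
};

// Sign a payload; `key` may be a string or a Buffer.
function signHS256(payload, key) {
  const data = enc(JSON.stringify({ alg: 'HS256', typ: 'JWT' })) + '.' + enc(JSON.stringify(payload));
  return data + '.' + enc(hmac(key, data));
}

// Returns { ok: true, payload } or { ok: false, reason }.
function verifyHS256(token, key, nowSeconds) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [head, body, sig] = parts;
  const header = parse(head);
  if (!header || header.alg !== 'HS256') return { ok: false, reason: 'unexpected alg' };
  const expected = hmac(key, head + '.' + body);
  const given = Buffer.from(sig, 'base64url');
  // Constant-time comparison; timingSafeEqual requires equal lengths.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'invalid signature' };
  }
  // Only read claims after the signature has been accepted.
  const payload = parse(body);
  if (!payload) return { ok: false, reason: 'malformed' };
  if (typeof payload.exp === 'number' && nowSeconds >= payload.exp) {
    return { ok: false, reason: 'expired' };
  }
  return { ok: true, payload };
}

function demo() {
  // Constructed values: the secret as handed out in base64 text form.
  const secretB64 = Buffer.from('constructed-demo-secret').toString('base64');
  const keyBytes = Buffer.from(secretB64, 'base64');
  const now = 1700000000; // fixed clock so the result is reproducible
  const token = signHS256({ name: 'alice', exp: now + 3600 }, keyBytes);
  return {
    withRawString: verifyHS256(token, secretB64, now), // base64 text used as key
    withBuffer: verifyHS256(token, keyBytes, now),     // decoded bytes used as key
    expired: verifyHS256(token, keyBytes, now + 3601), // same token after its exp
  };
}
```

Passing the base64 text itself as the key produces a different HMAC than the decoded bytes, so every token from the issuer is rejected until the secret is decoded to a Buffer.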
Contribute
You are always welcome to open an issue or submit a pull request!
Also check out the unit tests:
npm test
License
Licensed under the MIT-License. 2013 AUTH10 LLC.