Uploaded image for project: 'National Data Service'
  1. National Data Service
  2. NDS-257

Console access: WebSocket authentication - API/CLI


    • Icon: Improvement Improvement
    • Resolution: Unresolved
    • Icon: Normal Normal
    • Workbench 1.2.0
    • None
    • Development
    • None

      Apparently, it is impossible to attach custom HTTP headers to WebSocket request the same way that we do for XHR.

      Instead of using headers, we have decided to follow a pattern similar to the one outlined by this article. We already use a "token" system similar to their "ticket" concept, so we should just need to modify the API server slightly to handle a special "auth" event.

      An example "auth" event might look like this:

      { "action": "auth", args: [ token, namespace, ip ] }

      Or with named parameters:

      { "action": "auth", args: { "token": token, "namespace": namespace, "source": ip } }

      This ticket is complete when:

      • The CLI uses this new authentication method to perform console interactions:
        • The server accepts all WebSocket connections without auth, but only allows on command
        • The server handles a special "auth" event, that allows user to actually fully use the WebSocket

              willis8 Craig Willis
              lambert8 Sara Lambert
              0 Vote for this issue
              1 Start watching this issue