Authenticating socket io connections using JWT

by

It doesn’t matter if the token was created on another server. You can still verify it if you have the right secret key and algorithm.

Implementation with jsonwebtoken module

client

const {token} = sessionStorage;
const socket = io.connect('http://localhost:3000', {
  query: {token}
});

Server

const io = require('socket.io')();
const jwt = require('jsonwebtoken');

io.use(function(socket, next){
  if (socket.handshake.query && socket.handshake.query.token){
    jwt.verify(socket.handshake.query.token, 'SECRET_KEY', function(err, decoded) {
      if (err) return next(new Error('Authentication error'));
      socket.decoded = decoded;
      next();
    });
  }
  else {
    next(new Error('Authentication error'));
  }    
})
.on('connection', function(socket) {
    // Connection now authenticated to receive further events

    socket.on('message', function(message) {
        io.emit('message', message);
    });
});

Implementation with socketio-jwt module

This module makes the authentication much easier in both client and server side. Just check out their examples.

client

const {token} = sessionStorage;
const socket = io.connect('http://localhost:3000');
socket.on('connect', function (socket) {
  socket
    .on('authenticated', function () {
      //do other things
    })
    .emit('authenticate', {token}); //send the jwt
});

Server

const io = require('socket.io')();
const socketioJwt = require('socketio-jwt');

io.sockets
  .on('connection', socketioJwt.authorize({
    secret: 'SECRET_KEY',
    timeout: 15000 // 15 seconds to send the authentication message
  })).on('authenticated', function(socket) {
    //this socket is authenticated, we are good to handle more events from it.
    console.log(`Hello! ${socket.decoded_token.name}`);
  });

More Related Contents:

  1. How to share sessions with Socket.IO 1.x and Express 4.x?
  2. Socket.io + Node.js Cross-Origin Request Blocked
  3. socket.io and session?
  4. nginx as webserver incl. socket.io and node.js / ws:// 400 Bad Request
  5. Get the client’s IP address in socket.io
  6. Socket.IO – how do I get a list of connected sockets/clients?
  7. Which websocket library to use with Node.js? [closed]
  8. What is an example of the simplest possible Socket.io example?
  9. How to reuse redis connection in socket.io?
  10. socket.io rooms or namespacing?
  11. How to destroy JWT Tokens on logout?
  12. What’s the difference between io.sockets.emit and broadcast?
  13. socket.io and express 4 sessions
  14. jwt.io says Signature Verified even when key is not provided
  15. Send custom data along with handshakeData in socket.io?
  16. Verifying Auth0 JWT throws invalid algorigthm
  17. Node.js client for a socket.io server
  18. How to get room’s clients list in socket.io 1.0
  19. Examples in using RedisStore in socket.io
  20. Nodemailer/Gmail – What exactly is a refresh token and how do I get one?
  21. how to list rooms on socket.io nodejs server
  22. How to get user id using jwt token
  23. socket.io force a disconnect over XHR-polling
  24. Websocket transport reliability (Socket.io data loss during reconnection)
  25. Separating file server and socket.io logic in node.js
  26. How to resolve a Socket.io 404 (Not Found) error?
  27. How to use socket.io in express routes?
  28. NPM – Can’t install socket.IO
  29. Socket.io rooms difference between broadcast.to and sockets.in
  30. How to connect two node.js servers with websockets?

Leave a Comment