Authenticating socket io connections using JWT


Question

How can I authenticate a socket.io connection? My application uses a login endpoint from another server (python) to get a token; how can I use that token whenever a user opens a socket connection on the node side?

io.on('connection', function(socket) {
    socket.on('message', function(message) {
        io.emit('message', message);
    });
});

And the client side:

var token = sessionStorage.token;
var socket = io.connect('http://localhost:3000', {
    query: 'token=' + token
});

If the token is created in python:

token = jwt.encode(payload, SECRET_KEY, algorithm='HS256')

How can I use this token to authenticate a socket connection in node?

Recommended answer

It doesn't matter if the token was created on another server. You can still verify it if you have the right secret key and algorithm.

Client

var token = sessionStorage.token;
var socket = io.connect('http://localhost:3000', {
  query: {token: token}
});

Server

var io = require('socket.io')();
var jwt = require('jsonwebtoken');

io.use(function(socket, next){
  if (socket.handshake.query && socket.handshake.query.token){
    jwt.verify(socket.handshake.query.token, 'SECRET_KEY', function(err, decoded) {
      if(err) return next(new Error('Authentication error'));
      socket.decoded = decoded;
      next();
    });
  } else {
      next(new Error('Authentication error'));
  }    
})
.on('connection', function(socket) {
    // Connection now authenticated to receive further events

    socket.on('message', function(message) {
        io.emit('message', message);
    });
});

Implementation with socketio-jwt module

This module makes the authentication much easier in both client and server side. Just check out their examples.

Client

var token = sessionStorage.token;
var socket = io.connect('http://localhost:3000');
socket.on('connect', function () {
  socket
    .on('authenticated', function () {
      //do other things
    })
    .emit('authenticate', {token: token}); //send the jwt
});

Server

var io = require('socket.io')();
var socketioJwt = require('socketio-jwt');

io.sockets
  .on('connection', socketioJwt.authorize({
    secret: 'SECRET_KEY',
    timeout: 15000 // 15 seconds to send the authentication message
  })).on('authenticated', function(socket) {
    //this socket is authenticated, we are good to handle more events from it.
    console.log('hello! ' + socket.decoded_token.name);
  });
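
What the verification step in the io.use middleware amounts to for a token issued by the Python jwt.encode(payload, SECRET_KEY, algorithm='HS256') call, written without dependencies so it runs offline. This is an added example, not part of the original answer: the SECRET_KEY value and the names signHS256, verifyHS256, authMiddleware and tryConnect are made up here, and requiring an exp claim is this example's policy.

```javascript
const nodeCrypto = require('crypto');

// Assumption: the same shared secret the Python login server signs with (constructed value).
const SECRET_KEY = 'constructed-demo-secret';
const b64url = (data) => Buffer.from(data).toString('base64url');

// Constructed stand-in for the Python side's jwt.encode(..., algorithm='HS256').
function signHS256(payload, secret, header = { alg: 'HS256', typ: 'JWT' }) {
  const input = b64url(JSON.stringify(header)) + '.' + b64url(JSON.stringify(payload));
  const sig = nodeCrypto.createHmac('sha256', secret).update(input).digest();
  return input + '.' + b64url(sig);
}

function verifyHS256(token, secret, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const header = JSON.parse(Buffer.from(parts[0], 'base64url').toString());
  // Pin the algorithm server-side; the token's own header must not choose it.
  if (header.alg !== 'HS256') throw new Error('unexpected alg');
  const expected = nodeCrypto.createHmac('sha256', secret).update(parts[0] + '.' + parts[1]).digest();
  const given = Buffer.from(parts[2], 'base64url');
  if (given.length !== expected.length || !nodeCrypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  const payload = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
  // Example policy: tokens without a numeric, unexpired exp are rejected.
  if (typeof payload.exp !== 'number' || payload.exp <= nowSec) throw new Error('expired or no exp');
  return payload;
}

// Same shape as the function passed to io.use(...) in the answer above.
function authMiddleware(socket, next) {
  const q = (socket.handshake && socket.handshake.query) || {};
  try {
    if (typeof q.token !== 'string') throw new Error('no token');
    socket.decoded = verifyHS256(q.token, SECRET_KEY);
  } catch (e) {
    return next(new Error('Authentication error')); // one generic error for every failure
  }
  next();
}

// Runs a mock handshake through the middleware; returns the claims or the error message.
function tryConnect(token) {
  const socket = { handshake: { query: { token } } };
  let result;
  authMiddleware(socket, (err) => { result = err ? err.message : socket.decoded; });
  return result;
}
```

With the jsonwebtoken library used in the answer, the same algorithm pinning is the algorithms option: jwt.verify(token, secret, { algorithms: ['HS256'] }, callback).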
