如何使用Socketio-jwt node.js对用户进行身份验证
[英]How to Authenticate user using Socketio-jwt node.js
问题描述
I asked this question on Github socketio-jwt . 
我在Github socketio-jwt上问了这个问题。 3 days later no answer, and couldnt find any answers on google either. 3天后没有答案,也无法在Google上找到任何答案。
Question 1: 问题1:
Is it secure enough to check token on connection? 检查连接令牌是否足够安全? do I need to check token on every event? 每个事件我都需要检查令牌吗? Eg check on every getNews event 例如,检查每个getNews事件
socket.on("getNews", function(data, callback){
// check token and if valid return news via callback
});
vs 与
Check on connection/reconnection 检查连接/重新连接
io.use(function(socket, next) { // using general example not socketio-jwt
// check token and if valid proceed
});
Question 2: 问题2:
how to know which user the particular token belongs to? 如何知道特定令牌属于哪个用户? One way would be to add id to payload, however, is it best practice? 一种方法是将id添加到有效负载中,但这是最佳实践吗?
1 个解决方案
解决方案1
1 已采纳 2016-02-07 16:55:25
I would check the token on every event, to make sure. 我会检查每个事件的令牌,以确保。
Yes, adding a user ID to your payload is fine-- as long as your secret stays secret. 是的,在您的有效负载中添加用户ID很好-只要您的秘密保持秘密即可。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.