[英]How to Authenticate user using Socketio-jwt node.js
I asked this question on Github socketio-jwt . 我在Github socketio-jwt上问了这个问题。 3 days later no answer, and couldnt find any answers on google either.
3天后没有答案,也无法在Google上找到任何答案。
Is it secure enough to check token on connection? 检查连接令牌是否足够安全? do I need to check token on every event?
每个事件我都需要检查令牌吗? Eg check on every getNews event
例如,检查每个getNews事件
socket.on("getNews", function(data, callback){
// check token and if valid return news via callback
});
vs 与
Check on connection/reconnection 检查连接/重新连接
io.use(function(socket, next) { // using general example not socketio-jwt
// check token and if valid proceed
});
how to know which user the particular token belongs to? 如何知道特定令牌属于哪个用户? One way would be to add id to payload, however, is it best practice?
一种方法是将id添加到有效负载中,但这是最佳实践吗?
I would check the token on every event, to make sure. 我会检查每个事件的令牌,以确保。
Yes, adding a user ID to your payload is fine-- as long as your secret stays secret. 是的,在您的有效负载中添加用户ID很好-只要您的秘密保持秘密即可。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.