stackoom
  简体   繁体   中英

How to Authenticate user using Socketio-jwt node.js

 原文  2016-02-07 00:48:21       node.js/ performance/ security/ socket.io/ jwt

Question

I asked this question on Github socketio-jwt . 3 days later no answer, and couldnt find any answers on google either.

Question 1:

Is it secure enough to check token on connection? do I need to check token on every event? Eg check on every getNews event 

socket.on("getNews", function(data, callback){
// check token and if valid return news via callback
});

vs

Check on connection/reconnection 

io.use(function(socket, next) { // using general example not socketio-jwt
// check token and if valid proceed
});

Question 2:

how to know which user the particular token belongs to? One way would be to add id to payload, however, is it best practice?

1 answers

solution1
 1 ACCPTED  2016-02-07 16:55:25

I would check the token on every event, to make sure.

Yes, adding a user ID to your payload is fine-- as long as your secret stays secret.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to emit and recieve whitout a Authenticated using socketio-jwt How to authenticate google user using node.js socketio-jwt: Connected to SocketIO, Authenticating socketio-jwt disconnect expired tokens How to connect Node.js and PHP server using SocketIO How to connect Android Client with Node.js server using SocketIO? How to use authenticate a user for google sheets api on a remote server using Node.js? Authenticate Firebase JWT token on server running NGINX + Node.JS How to authenticate LinkedIn using Node.js and simple-oauth2 Authenticate DDP Client using Node.js
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM