I am trying to figure out what the best way is to transfer the oauth token to the websocket endpoint.
This SO answer suggests sending the token in the URL, however this approach has all the disadvantages of authentication via URL. The safety implications are discussed here.
So I wondered what the disadvantages would be of using sub-protocols to pass a token to the server? That is, instead of processing the requested sub-protocols as a list of constants, send at least one sub-protocol following a syntax such as: authorization-bearer-<token>
The token will end up in the request header. When processing the sub-protocols, the server can easily find and process the token with a small amount of code. Since sub-protocol negotiation must be supported by many websocket implementations, this should work for a large number of clients.
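As an added example (not part of the question or of any library), here is a server-side handshake helper that finds the authorization-bearer-<token> entry among the offered sub-protocols, checks that the token is a legal sub-protocol name, and picks an ordinary application protocol to echo back. The names BEARER_PREFIX, extract_bearer and select_subprotocol are assumptions, as is the constructed sample header.

```python
import re
from typing import List, Optional, Tuple

# Prefix from the question: the client offers "authorization-bearer-<token>"
# as one of its requested sub-protocols.
BEARER_PREFIX = "authorization-bearer-"

# RFC 6455 section 4.1 requires each Sec-WebSocket-Protocol value to be an
# RFC 2616 "token": no whitespace and none of the separators ( ) < > @ , ; : \ " / [ ] ? = { }.
# A base64url JWT satisfies this; padded standard base64 ("=", "/", "+") does not,
# and browsers refuse to send such a name at all.
_TOKEN_RE = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")


def parse_subprotocols(header_value: str) -> List[str]:
    """Split a Sec-WebSocket-Protocol header value into its individual names."""
    names = [p.strip() for p in header_value.split(",")]
    return [n for n in names if n]


def extract_bearer(protocols: List[str]) -> Tuple[Optional[str], List[str]]:
    """Return (token, remaining_protocols).

    The bearer entry is removed from the list so it is never echoed back to the
    client; the token is None when the entry is absent or malformed.
    """
    token: Optional[str] = None
    remaining: List[str] = []
    for name in protocols:
        if name.startswith(BEARER_PREFIX):
            candidate = name[len(BEARER_PREFIX):]
            if token is None and candidate and _TOKEN_RE.match(candidate):
                token = candidate
            continue  # drop bearer entries (valid or not) from the echo candidates
        remaining.append(name)
    return token, remaining


def select_subprotocol(remaining: List[str], supported: Tuple[str, ...]) -> Optional[str]:
    """Choose the sub-protocol to send back in Sec-WebSocket-Protocol.

    RFC 6455 only allows echoing a name the client offered, and browsers such as
    Chrome fail the handshake if they offered names but the server selects none,
    so clients should offer a real application protocol alongside the bearer entry.
    """
    for name in remaining:
        if name in supported:
            return name
    return None


# Constructed sample header, as a browser would send it for
# new WebSocket(url, ["chat", "authorization-bearer-eyJhbGciOi.eyJzdWIi.sig_here"]).
SAMPLE_HEADER = "chat, authorization-bearer-eyJhbGciOi.eyJzdWIi.sig_here"
```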