Socketio-jwt disable expired tokens

Question

Socketio-jwt disable expired tokens

I can authenticate with socketio-jwt and everything works fine. The problem I am facing is that if I set the expiration to the minimum time and expire, I can continue to emit and receive messages in the connection. Until I refresh the page, the connection is saved. When I update the connection, the connection disconnects and I need to reconnect. Is it possible to check the server for expired tokens and disconnect the connection?

+6

node.js socket.io jwt

Woodsy Sep 09 '16 at 19:07

source share

1 answer

Nicolas Del Valle · Accepted Answer · 2019-01-29T11:52:52+0000

The library does not support this function, you can check the token on every desired io socket event.

In the Github Issue, the author answered this analogy:

Id_token is like your national passport, both have an expiration date, you can enter the country if your passport has not expired and most countries will not track the expiration date to track you down.

You can handle this manually using socketio middleware, for example:

const timer = require('long-timeout')

function middleware (socket, next) {
  const decodedToken = socket.user // Assuming the decoded user is save on socket.user

  if (!decodedToken.exp) {
    return next()
  }

  const expiresIn = (decodedToken.exp - Date.now() / 1000) * 1000
  const timeout = timer.setTimeout(() => socket.disconnect(true), expiresIn)

  socket.on('disconnect', () => timer.clearTimeout(timeout))

  return next()
}

Socketio-jwt disable expired tokens

More articles: