New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
How to make this use OAuth with Github #4
Comments
+1 for a sample app with Passport |
SC supports JWT; so if you authenticate with OAuth as normal but also create a JWT token (on the server-side) when the OAuth succeeds - Then the authToken can later be used to decide access control for related WebSocket connections. Because OAuth is HTTP-based (not WebSocket-based), you will need to create the JWT from the HTTP server (inside the OAuth success handler). There is a detailed explanation about how to create the JWT from HTTP here (it also shows you where to put the token in localStorage on the client-side): SocketCluster/socketcluster#233 (comment) By default, the only requirement for a user to read/edit any data in the sc-sample-inventory app is that they are logged in (have a valid authToken). See https://github.com/SocketCluster/sc-sample-inventory/blob/e0628b312642faa60c604a27f5eb2bfbd4231e24/worker.js#L91 Note that, on the backend, the If the client tries to pass a token to the server which has been tampered with or which was not signed correctly by the server (with the appropriate Inside the filter function, you could also read the token's properties to perform more advanced access control. Someone asked a question about Steam authentication recently which may be similar to this: SocketCluster/socketcluster#259 |
Thank you for the sample.
Currently the user 'bob' is hardcoded inside the code. Instead, if I want to make users "signup" with github or similar oAuth providers, how to make it happen? Which parts need to be changed?
The text was updated successfully, but these errors were encountered: