How to make this use OAuth with Github #4

Open
KrishnaPG opened this issue Jul 22, 2016 · 2 comments
Comments

KrishnaPG commented Jul 22, 2016

Thank you for the sample.

Currently the user 'bob' is hardcoded inside the code. Instead, if I want to make users "sign up" with GitHub or similar OAuth providers, how do I make it happen? Which parts need to be changed?

gurisko commented Sep 8, 2016

+1 for a sample app with Passport

jondubois (Member) commented Jan 18, 2017

SC supports JWT; so if you authenticate with OAuth as normal but also create a JWT token (on the server side) when the OAuth succeeds, then the authToken can later be used to decide access control for related WebSocket connections.

Because OAuth is HTTP-based (not WebSocket-based), you will need to create the JWT from the HTTP server (inside the OAuth success handler). There is a detailed explanation of how to create the JWT from HTTP here (it also shows you where to put the token in localStorage on the client side): SocketCluster/socketcluster#233 (comment)

By default, the only requirement for a user to read/edit any data in the sc-sample-inventory app is that they are logged in (have a valid authToken). See https://github.com/SocketCluster/sc-sample-inventory/blob/e0628b312642faa60c604a27f5eb2bfbd4231e24/worker.js#L91

Note that, on the backend, the socket.authToken property (which is the same as the result of socket.getAuthToken()) will only be set if the token exists AND is valid.

If the client tries to pass a token to the server which has been tampered with or which was not signed correctly by the server (with the appropriate authKey), the token will be discarded by the server and will not show up on the server side, so the existence of socket.authToken is a good way to check whether or not a user is authenticated.

Inside the filter function, you could also read the token's properties to perform more advanced access control.

Someone asked a question about Steam authentication recently which may be similar to this: SocketCluster/socketcluster#259
