Auth using token from another system

[MichaelJCole]

Hi, I'm using SocketCluster in a Chrome extension to setup a side channel for notifications.

My web app already logs in and saves a token on the client.

1. During app login and when the app loads, I push that token into the extension.
2. The extension's background.js creates a socketCluster client, somehow(?) including the token.
3. scServer.on('connection') reads the token(?) and checks against the app database.
4. If a valid token, it replies(?) with a channel to subscribe to, or subscribes the client magically(?).
5. If invalid, it closes the connection with an appropriate error(?).

I'm looking for a pattern that fills in the ? marks.

So far, I'm using:

2. Client: socket = socketCluster.connect({ query: { authToken }, });
3. Worker.js: var authToken = socket.request.url.split('authToken=');

I'm not really sure the best way to do 4 and 5. Seems like this has already been solved, I just don't know where to find it :-) Adding a JWT wrapper on this seems like overkill.

I'd really like to not have a working JWT token and an expired app authToken.

Any tips?

[jondubois]

Sorry for the delay in response. This was a good question.
You may want to check out https://socketcluster.io/#!/docs/authentication and https://socketcluster.io/#!/docs/middleware-and-authorization