This repository has been archived by the owner on Dec 18, 2018. It is now read-only.

Make the new bearer authentication support more standard compliant #1155

Closed
kevinchalet opened this issue Nov 27, 2017 · 6 comments

Comments

@kevinchalet

Having built-in bearer authentication in the C#/TS clients is great but there are two annoying things in the current implementation:

  • The query string parameter name used by the TS client is non-standard and non-replaceable (the standard name is "access_token", not "signalRTokenHeader").

  • The jwtBearer properties/methods used in both clients have a name that assumes the token is a JWT, which is wrong as tokens are supposed to be opaque for clients.

/cc @Tratcher @davidfowl @moozzyk
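An added example, not part of the thread and not SignalR code: a server-side sketch of picking up a bearer token the way RFC 6750 describes, from the `Authorization` header or from the `access_token` query parameter named above, and treating it as an opaque string. The function name `extractBearerToken`, its return shape, and the sample requests are assumptions made for illustration.

```javascript
// Added example: RFC 6750 bearer token extraction (hypothetical helper, not a SignalR API).
function extractBearerToken(requestUrl, headers) {
  const found = [];

  // RFC 6750 section 2.1: "Authorization: Bearer <b64token>" (scheme is case-insensitive).
  const auth = headers["authorization"];
  if (typeof auth === "string") {
    const m = /^Bearer +([A-Za-z0-9\-._~+\/]+=*)$/i.exec(auth.trim());
    if (m) found.push({ source: "header", token: m[1] });
  }

  // RFC 6750 section 2.3: the query parameter is named exactly "access_token".
  // The base URL is a placeholder so that relative request paths can be parsed.
  const params = new URL(requestUrl, "http://placeholder.invalid").searchParams;
  for (const t of params.getAll("access_token")) {
    found.push({ source: "query", token: t });
  }

  if (found.length === 0) return { ok: false, error: "missing_token" };
  // A token sent by more than one method, or a repeated parameter, is ambiguous: reject it.
  if (found.length > 1) return { ok: false, error: "invalid_request" };
  if (found[0].token === "") return { ok: false, error: "invalid_request" };

  // The token is handed on as an opaque string; nothing here assumes it is a JWT.
  return { ok: true, source: found[0].source, token: found[0].token };
}

// Constructed sample requests (not taken from the thread).
const samples = [
  ["/hub?access_token=abc123", {}],
  ["/hub?signalRTokenHeader=abc123", {}],
  ["/hub", { authorization: "Bearer abc.def" }],
  ["/hub?access_token=abc123", { authorization: "Bearer abc123" }],
];
for (const [url, headers] of samples) {
  console.log(url, JSON.stringify(extractBearerToken(url, headers)));
}
```

A server that reads only `access_token` reports the non-standard `signalRTokenHeader` request as carrying no token at all.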

@muratg

muratg commented Nov 27, 2017

Thanks @PinpointTownes. What would you rename jwtBearer to? bearerToken or simply token?

@kevinchalet
Author

token is probably fine, but if you want to be more specific, maybe accessToken would be better.

@kevinchalet
Author

While we're at it, adding a built-in (opt-in?) feature that would automatically terminate the WebSocket connection when the token expires would be a truly awesome feature. The current behavior (same as SignalR 1 AFAICT) is not really ideal from a security perspective.

@muratg

muratg commented Nov 27, 2017

@PinpointTownes filed https://github.com/aspnet/SignalR/issues/1159 to consider auto-terminate feature. Thanks for the suggestions.

@davidfowl
Member

@anurse this is in preview1 right?

@analogrelay
Contributor

Correct
