[question] Anonymous Access #591

Closed
Nearata opened this issue Dec 15, 2022 · 5 comments

Nearata commented Dec 15, 2022

Ask your question. Please provide as many details as possible – you will get the answer much faster then!

Is there a way to disable Anonymous Access when authenticating to websocket?

"Show us an example of what you mean!". An example can be useful, otherwise we're left guessing!

  1. Guest on website
  2. Frontend sends api request to backend to refresh token
  3. Backend generates a jwt token with empty sub and returns it to Frontend
  4. Centrifuge SDK loads the token and tries to connect to the Websocket Server with the provided jwt token from the backend
  5. Centrifuge server denies the connection because the sub claim is empty, not allowed

I'd like a way to configure centrifuge to check this instead of doing it by myself with my backend, like

{
  "anonymous_access": false,
  "namespaces": [...]
}

FZambia commented Dec 16, 2022

Hello @Nearata - in general not a problem to add such an option. Possibly call it like disallow_anonymous_connection_tokens: true

Could you elaborate a bit more on why you want this behaviour? Do you already generate JWTs for anonymous users in your app, and they use those JWTs to call the backend API, but at the same time you want to avoid having a Centrifugo connection? Just curious about the exact reasoning here.

Nearata commented Dec 16, 2022

Hello @FZambia,

Let's assume I'm building a plugin for a platform. This plugin allows getting realtime notifications when new discussions are made. Now, the plugin has a toggle to allow/deny guests, but it needs to check, in the backend, if a visitor is a guest or not. My thoughts were whether this job can be left to centrifuge or whether it is overkill/not ideal in this use case. That means I'm going to generate a JWT token no matter if the visitor is a guest or not, so that I can get rid of this Allow Guests toggle in admin settings.

FZambia commented Jan 10, 2023

FZambia closed this as completed Jan 10, 2023

FZambia commented Jan 11, 2023

@Nearata Please avoid using v4.1.1, it contained a protocol bug. See v4.1.2 instead.

Nearata commented Feb 23, 2023

Working as expected. Thank you!!
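
The check discussed in this thread, as an added example that is not part of the original issue and not Centrifugo's own code: a server-side verifier that rejects a validly signed connection token whose `sub` claim is empty or missing. The HS256 signing, the constructed secret, and every function name are assumptions; `disallowAnonymous` only mirrors the option name proposed above.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

var enc = base64.RawURLEncoding
var ErrAnonymous = errors.New("anonymous connection token (empty sub) not allowed")
var sampleSecret = []byte("constructed-secret") // constructed key for the demo

func hs256(msg string, secret []byte) []byte {
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(msg))
	return mac.Sum(nil)
}

func sign(claims string, secret []byte) string { // builds constructed sample tokens
	msg := enc.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`)) + "." + enc.EncodeToString([]byte(claims))
	return msg + "." + enc.EncodeToString(hs256(msg, secret))
}

// verifyConnToken always verifies with HMAC-SHA256 (header alg is never trusted); exp is not checked here.
func verifyConnToken(token string, secret []byte, disallowAnonymous bool) (string, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return "", errors.New("malformed token")
	}
	sig, err := enc.DecodeString(parts[2])
	if err != nil || !hmac.Equal(sig, hs256(parts[0]+"."+parts[1], secret)) {
		return "", errors.New("invalid signature")
	}
	var claims struct{ Sub string `json:"sub"` }
	if pb, err := enc.DecodeString(parts[1]); err != nil || json.Unmarshal(pb, &claims) != nil {
		return "", errors.New("malformed claims")
	}
	if disallowAnonymous && claims.Sub == "" { // missing or empty sub = guest
		return "", ErrAnonymous
	}
	return claims.Sub, nil
}

func main() {
	fmt.Println(verifyConnToken(sign(`{"sub":""}`, sampleSecret), sampleSecret, true))
}
```

The signature is checked before the `sub` claim is read, so a forged token fails as invalid rather than being reported as anonymous.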
