New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Provide JWT tokens to Websocket without passing via HTTP headers #667
Milestone
Comments
dguggemos
added a commit
to bosch-io/ditto
that referenced
this issue
Apr 28, 2021
…for websocket requests Signed-off-by: Dominik Guggemos <dominik.guggemos@bosch.io>
dguggemos
added a commit
to bosch-io/ditto
that referenced
this issue
Apr 28, 2021
…nal option for providing the jwt Signed-off-by: Dominik Guggemos <dominik.guggemos@bosch.io>
This was referenced Apr 28, 2021
thjaeckle
added a commit
to bosch-io/ditto
that referenced
this issue
Apr 29, 2021
Signed-off-by: Thomas Jaeckle <thomas.jaeckle@bosch.io>
Browser are able to pass cookies before the upgrade handshake, so the JWT could be passed there, also. That is straight-forward, as long as the browser has gotten a suitable cookie from the ditto domain |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
For the
WebSocket
browser API it is not possible to pass a JWT token asAuthorization
HTTP header as this API does not allow to set custom headers.So there is no straight-forward way to connect to a Ditto websocket from the browser.
We should enable that by either
I would prefer the first one as we already do the JWT token refresh also via a WS message.
The text was updated successfully, but these errors were encountered: