Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

socketio-jwt-decoder

Package Overview
Dependencies
Maintainers
1
Versions
8
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

socketio-jwt-decoder

Socket.io JWT decoder

  • 2.0.1
  • Source
  • npm
  • Socket score

Version published
Weekly downloads
4
increased by33.33%
Maintainers
1
Weekly downloads
 
Created
Source

Socket.io JWT decoder

Build Status master Dependency Status devDependency Status

Authenticate socket.io incoming connections with JWTs. This is useful if you are build a single page application and you are not using cookies as explained in this blog post: Cookies vs Tokens. Getting auth right with Angular.JS.

  • Socket.io JWT decoder just works for Socket.IO >= 1.0. *

Installation

npm install socketio-jwt-decoder

Example usage

The previous approach uses a second roundtrip to send the jwt, there is a way you can authenticate on the handshake by sending the JWT as a query string, the caveat is that intermediary HTTP servers can log the url.

var io            = require("socket.io")(server);
var socketioJwt   = require("socketio-jwt");


io.use(socketioJwt.authorize({
  secret: 'your secret or public key',
  otherOption: someValue // you can pass other arguments to jsonwebtoken
}));


io.on('connection', function (socket) {

  if (socket.decoded_token) { // authentication successful
    console.log('hello!', socket.handshake.decoded_token.name);
  }

})

For more validation options see auth0/jsonwebtoken.

Client side:

Append the jwt token using query string:

var socket = io.connect('http://localhost:9000', {
  'query': 'token=' + your_jwt
});

Handling token expiration

Server side:

When you sign the token with an expiration time:

var token = jwt.sign(user_profile, jwt_secret, {expiresInMinutes: 60});

Your client-side code should handle it as below.

Client side:

socket.on("error", function(error) {
  if (error.type == "UnauthorizedError" || error.code == "invalid_token") {
    // redirect user to login page perhaps?
    console.log("User's token has expired");
  }
});

Contribute

You are always welcome to open an issue or provide a pull-request!

Also check out the unit tests:

npm test

License

Licensed under the MIT-License. 2015 Juan Jesús García López

Keywords

FAQs

Package last updated on 19 Jun 2015

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc