How to make WebSocket authentication?
I want to implement authentication in WebSocket, but there is no way to disconnect unauthorized users—anyone can connect to the WebSocket. I need a node that can verify the headers and then confirm the connection. I tried using node-red-contrib-websocket-auth0, but it didn’t work. I reinstalled Node-RED, but it still doesn’t work as shown in the picture.
Is connection or disconnection (or both) your main issue? Because with websockets, they are very different problems.
With connection, you can use standard https because websockets make an initial https connection where you have access to all of the usual http headers.
However, the connection then "upgrades" to wss, at which point you no longer have access to any custom headers. So disconnection - e.g. session expiry - is a problem. To deal with that, you will need to manually incorporate session data into every exchanged message. Then, on session expiry, you need to block message transfer and warn the users they need to log in again (or alternatively, you can deal with session extensions, etc.).
If I remember correctly, I think that the node-red-contrib-websocket-auth0 node only deals with connection and not disconnection? I might be wrong though, I've not used it.
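The two halves described in the reply above, as an added example that is not part of the original thread and is not the code of node-red-contrib-websocket-auth0: a header check at the upgrade request, then a session check on every message. The token format, `SECRET`, the use of the `Authorization` header and all function names are assumptions made for this sketch.

```javascript
const crypto = require('node:crypto');

// Assumption: constructed demo secret; a real flow loads this from configuration.
const SECRET = 'constructed-demo-secret';

const sign = (payload) =>
  crypto.createHmac('sha256', SECRET).update(payload).digest('hex');

// Hypothetical token format "user.expiryMs.signature" (user must not contain '.').
function issueToken(user, expiresAtMs) {
  const payload = `${user}.${expiresAtMs}`;
  return `${payload}.${sign(payload)}`;
}

// Verify the signature first, then the expiry. Returns { ok, user } or { ok, reason }.
function checkToken(token, nowMs) {
  const parts = String(token || '').split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [user, exp, sig] = parts;
  const a = Buffer.from(sig, 'utf8');
  const b = Buffer.from(sign(`${user}.${exp}`), 'utf8');
  if (a.length !== b.length || !crypto.timingSafeEqual(a, b)) {
    return { ok: false, reason: 'bad-signature' };
  }
  if (!/^\d+$/.test(exp) || Number(exp) <= nowMs) return { ok: false, reason: 'expired' };
  return { ok: true, user };
}

// Connection: the HTTP upgrade request still carries headers, so reject here.
// The Authorization header is an assumption; a session cookie is checked the same way.
function authorizeUpgrade(headers, nowMs) {
  const m = /^Bearer (.+)$/.exec(headers['authorization'] || '');
  return m ? checkToken(m[1], nowMs) : { ok: false, reason: 'no-credentials' };
}

// After the upgrade there are no headers: every message carries the session token.
// On failure the message is blocked and the client is told to log in again.
function handleMessage(raw, nowMs) {
  let msg;
  try { msg = JSON.parse(raw); } catch { return { deliver: false, reply: { error: 'bad-json' } }; }
  const auth = checkToken(msg && msg.token, nowMs);
  if (!auth.ok) {
    return { deliver: false, close: true, reply: { error: auth.reason, action: 'login' } };
  }
  return { deliver: true, user: auth.user, payload: msg.payload };
}
```

The caller is expected to refuse the upgrade when `authorizeUpgrade` returns `ok: false`, and to send `reply` and close the socket when `handleMessage` returns `close: true`.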