It seams a bit odd, but reading other requests on this i still find it hard to believe that there is absolutely no way to dynamically change an authorization token for a WebSocket, just want to make sure is this right? [image]

Ah, interesting! Never noticed that before. Clearly nobody else has ever bothered either. Of course, the header is only available on the initial handshake for ws connections so an authorization header is of very limited use.

That screenshot is not of the built in node.

[image] Steve-Mcl: not of the built in node. I think it is Steve: [image]

Doh! I was looking at the out node (where I expected this to be!)

No worries, took me several attempts to find it. I guess neither of us really use that node. :rofl:

BTW, just seen my reply here: [image] Setting Websocket Headers dynamically General So I think you will need to do something like watching for the connection error, using a catch node, using that to trigger a flow to regen the token which you capture to a flow context var…

if this limitation, not being able to dynamically set an authorization header like a token which by definition expires, then i am not surprised why not many use it.... seems useless for those cases where you need to authenticate to start a WebSocket connection... or am i missing something?

if the solution ends with "create your own node" :smiley: :smiley: then.... i really question, why is it not a feature in the common / out of the box node.

You can always try a contrib node: Library - Node-RED

No you aren't missing anything. Raw websockets are of limited use in terms of security. You can authorise the initial handshake using a header (don't forget that you also need to use WSS: not WS: - e.g. you need a TLS secured connection) but then you cannot have a timed session. Which means that onc…

Node-RED

Node-RED Forum

Websocket with a dynamic Autharization header

Core Development Feature Requests

TotallyInformation 16 May 2025 13:00 7

BTW, just seen my reply here:

Might give you a work-around.

Topic		Replies	Views
Setting Websocket Headers dynamically General security , websocket	4	2563	24 May 2024
Websocket with authentication Feature Requests security	23	725	31 May 2023
How to enhance 'websocket in' with basic authorization header? General security	12	860	28 December 2022
Websocket after OAuth2 authentication General	11	2324	7 March 2021
Allow adding headers to WebSocket client? Feature Requests websocket	9	458	14 November 2023

Copyright OpenJS Foundation and Node-RED contributors. All rights reserved. The OpenJS Foundation has registered trademarks and uses trademarks. For a list of trademarks of the OpenJS Foundation, please see our Trademark Policy and Trademark List. Trademarks and logos not indicated on the list of OpenJS Foundation trademarks are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.

Websocket with a dynamic Autharization header

Related topics