
Revoke Access after a while (token expired)...

Open windischb opened this issue 7 years ago • 4 comments

Hi!

I have successfully implemented a WampSessionAuthenticator. As I understand it, the authentication process only happens when the connection opens. What if my token expires 10 minutes after the connection is opened? Is there any way to check the token on every request?

windischb avatar Mar 15 '17 10:03 windischb

If you register your procedures with DiscloseCaller=true, you can access the AuthenticationId (the string set by your authenticator) by WampInvocationContext.Current.InvocationDetails.AuthenticationId. If you store somewhere the token used by the client to authenticate and mapped by your AuthenticationId, you can simply check if the token is still valid. The problem is that you'll need to do it in every procedure you register.

Elad

darkl avatar Mar 15 '17 17:03 darkl

I have another idea - your authorizer can check if the token is valid in its CanXXX methods.

Elad

darkl avatar Mar 15 '17 21:03 darkl
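
An added example of the authorizer suggestion above (not code from this thread or from the WampSharp project). It assumes WampSharp's `IWampAuthorizer` interface with its four `CanXXX` methods; the class name `TokenExpiryAuthorizer`, its constructor parameters, and the idea of wrapping an existing authorizer are hypothetical.

```csharp
using System;
using WampSharp.V2.Authentication;
using WampSharp.V2.Core.Contracts;

// Hypothetical decorator: wraps the session's real authorizer and denies
// every action once the token used at authentication time has expired.
public sealed class TokenExpiryAuthorizer : IWampAuthorizer
{
    private readonly IWampAuthorizer _inner;       // existing permission rules
    private readonly DateTimeOffset _expiresAt;    // expiry read from the validated token
    private readonly Func<DateTimeOffset> _now;    // injectable clock, eases unit testing

    public TokenExpiryAuthorizer(IWampAuthorizer inner,
                                 DateTimeOffset expiresAt,
                                 Func<DateTimeOffset> now = null)
    {
        _inner = inner ?? throw new ArgumentNullException(nameof(inner));
        _expiresAt = expiresAt;
        _now = now ?? (() => DateTimeOffset.UtcNow);
    }

    // Evaluated on every check, so expiry takes effect mid-session
    // without a new handshake. An expired token fails closed.
    private bool TokenStillValid => _now() < _expiresAt;

    public bool CanRegister(RegisterOptions options, string procedure) =>
        TokenStillValid && _inner.CanRegister(options, procedure);

    public bool CanCall(CallOptions options, string procedure) =>
        TokenStillValid && _inner.CanCall(options, procedure);

    public bool CanPublish(PublishOptions options, string topic) =>
        TokenStillValid && _inner.CanPublish(options, topic);

    public bool CanSubscribe(SubscribeOptions options, string topic) =>
        TokenStillValid && _inner.CanSubscribe(options, topic);
}
```

The authenticator would create one instance per session after validating the token and hand it over as that session's authorizer (assumed wiring). This covers only the `CanXXX` checks; whether any check runs when an event is delivered to an existing subscription is the open question in the rest of the thread.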

That looks like a good idea! I will try it this way! Another point is how to handle subscriptions...

The client subscribes to a topic, and 5 minutes later the token expires. Now the client can't call any procedure, because the check in the CanXXX method returns false. But what about the subscription? Are the CanXXX methods also involved if a new item is submitted to the topic?

Maybe I can implement a "rule"... The client has to send a message every 30 seconds. If the client doesn't send a message, or the token in this method is expired, this client will be blacklisted until a new valid token is submitted? Do you think that's a way which can work?

windischb avatar Mar 16 '17 07:03 windischb

I think that the desired behavior is to allow checking whether the client is allowed to receive an event, and to allow dropping the connection (also in the previous case), specifying that the token expired.

darkl avatar Mar 16 '17 09:03 darkl