react-actioncable-provider icon indicating copy to clipboard operation
react-actioncable-provider copied to clipboard

Published 20 hours ago verified publisher icon cpunion

Passing headers while establishing the contact

Open abdulbasit1248 opened this issue 3 years ago • 1 comments

Could anyone explain that how we can pass the auth-token in ActionCableProvider in order to authenticate the user in the backend rails app. One way is to pass the auth-token in the URL string. But it is not a secure method. The auth token can be seen easily in the logs at the backend.

abdulbasit1248 avatar Dec 30 '21 12:12 abdulbasit1248

I'm just setting this up, and I agree that this would be a very useful feature.

One solution I am thinking of is to create a new API endpoint that generates and returns a nonce with expiry date for the authenticated user. That nonce can then be passed via the URL to the ActionCableProvider and then used to authenticate the user in my ApplicationCable::Connection. That way we aren't exposing the users primary authentication token via the URL.

cameronbourgeois avatar Nov 16 '22 21:11 cameronbourgeois