nest-keycloak-connect

Websocket support

Open Nosfistis opened this issue 3 years ago • 6 comments

Is it possible to support websockets?

Using the default socket implementation that is suggested by NestJS, this is as easy as adding another case in the extractRequest helper. The related information is in the handshake, since socket.io 4 provides such info in the handshake.auth.

Other than that, perhaps the helper itself could be moved to a service, so that it can be overridden and provided to the guard.

Nosfistis avatar Sep 10 '21 13:09 Nosfistis

I'll try to find a way to do this, thanks for the suggestion.

ferrerojosh avatar Sep 12 '21 16:09 ferrerojosh

Also interested in this - thanks. The auth guard currently throws in trying to access request after the call to extractRequest in the auth guard, if trying to use jwts with graphql subscriptions.

tiagosiebler avatar Dec 08 '21 11:12 tiagosiebler

In case it helps anyone else, an adaptation of this worked for me: https://github.com/nestjs/docs.nestjs.com/issues/394#issuecomment-582161405

tiagosiebler avatar Dec 08 '21 17:12 tiagosiebler

> In case it helps anyone else, an adaptation of this worked for me: nestjs/docs.nestjs.com#394 (comment)

Do you possibly still have that code around and could share it?

ZerNico avatar May 27 '22 09:05 ZerNico

> > In case it helps anyone else, an adaptation of this worked for me: nestjs/docs.nestjs.com#394 (comment)
>
> Do you possibly still have that code around and could share it?

No exact sample I can share, sorry, but it is just an adaptation of the steps in the linked comment in the nestjs docs repo. If I remember correctly, the custom/adapted onConnect() method in GraphQLModule.forRootAsync({ -> subscriptions{} -> subscriptions-transport-ws{} -> onConnect() }) is what's key here (step 2).

This is the place to capture and return enough context for the custom auth guard (step 3 in the linked comment) to access the jwt. With my case of graphql + keycloak, it seemed the client was sending the auth token as an initial event immediately after connecting. This initial payload is the first parameter of the onConnect() callback method within subscriptions{ subscriptions-transport-ws{ onConnect => (payload, ws, context) {} } }

Steps 2 & 3 make sure the auth guard can access that jwt, without needing to know it didn't come in the request header. Hope I'm remembering this correctly as it already seems like a while ago. Hope it helps.

tiagosiebler avatar May 31 '22 14:05 tiagosiebler

Does someone have example code to do this?

supun19 avatar Nov 02 '22 04:11 supun19
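
The approach discussed in this thread (the extra extractRequest case from the opening post and the onConnect() hand-off described in the later reply), as an added example; it is not code from nest-keycloak-connect or from any commenter. The names ContextLike and bearerToken, the auth.token field name, and a GraphQL context factory that passes the onConnect() result through unchanged are assumptions.

```typescript
// Structural stand-ins for the few NestJS ExecutionContext members used here,
// so this added example runs without @nestjs/* installed.
type Headers = Record<string, string | undefined>;
interface RequestLike { headers: Headers }
interface SocketLike { handshake: { auth?: Record<string, unknown>; headers: Headers } }
interface ContextLike {
  getType(): string; // 'http' | 'ws' | 'graphql'
  switchToHttp(): { getRequest(): RequestLike };
  switchToWs(): { getClient(): SocketLike };
  getArgByIndex(i: number): unknown; // GraphQL resolvers: index 2 is the context
}

// onConnect gets the client's initial payload; returning a request-shaped
// object lets the guard read the JWT as if it came from a header.
function onConnect(connectionParams: Record<string, unknown>): { req: RequestLike } {
  const raw = connectionParams['Authorization'] ?? connectionParams['authorization'];
  return { req: { headers: { authorization: typeof raw === 'string' ? raw : undefined } } };
}

// Hypothetical extractRequest-style helper with the extra transport cases.
function extractRequest(ctx: ContextLike): RequestLike | undefined {
  switch (ctx.getType()) {
    case 'http': return ctx.switchToHttp().getRequest();
    case 'ws': {
      // socket.io 4: client connects with { auth: { token } } (field name assumed)
      const { auth, headers } = ctx.switchToWs().getClient().handshake;
      const token = auth?.['token'];
      return typeof token === 'string'
        ? { headers: { authorization: `Bearer ${token}` } }
        : { headers };
    }
    case 'graphql': {
      // Assumes the context factory passes onConnect's result through unchanged.
      const gql = ctx.getArgByIndex(2) as { req?: RequestLike } | undefined;
      return gql?.req;
    }
    default: return undefined;
  }
}

// Raw JWT for the guard to verify; undefined means the guard must reject.
function bearerToken(ctx: ContextLike): string | undefined {
  const header = extractRequest(ctx)?.headers?.authorization;
  return header ? /^Bearer\s+(\S+)$/i.exec(header)?.[1] : undefined;
}
```

Whatever the transport, the guard still has to verify the token's signature, issuer and expiry before trusting it; this sketch only locates the token.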