socket.io-client-swift icon indicating copy to clipboard operation
socket.io-client-swift copied to clipboard
verified publisher icon socketio

Token object arrives as query and not in the correct header

Open RoeelCohen opened this issue 5 years ago • 5 comments

Hey I have a Socket.IO server running. According to the Handshake documentation - the token should be part of the "auth" in the handshake.

I was following the examples here and tried to run the following code: self.manager.config = SocketIOClientConfiguration(arrayLiteral: .connectParams(["token": "asd123"]), .secure(true)) self.manager.config = SocketIOClientConfiguration(arrayLiteral: .connectParams(["auth": ["token": "asd123"]]), .secure(true)) (ignore typos please :)

But on the server side I get the parameter as part of the query object:

handshake:  {
  headers: {
    host: 'aa83db4f0418.ngrok.io',
    'user-agent': '**',
    accept: '*/*',
    'accept-encoding': 'gzip, deflate, br',
    'accept-language': 'en-us',
    'x-forwarded-for': '79.180.102.120',
    'x-forwarded-proto': 'https'
  },
  time: 'Wed Feb 17 2021 22:53:23 GMT+0200 (Israel Standard Time)',
  address: '::1',
  xdomain: false,
  secure: false,
  issued: 1613595203772,
  url: '/socket.io/?transport=polling&b64=1&token=asd123&EIO=4',
  query: [Object: null prototype] {
    transport: 'polling',
    b64: '1',
    token: 'asd123',
    EIO: '4'
  },
  auth: {}
}

is the "auth" not available on the iOS client SDK? (node client SDK behave as expected). Should I instead pass the auth token as part of the headers? If not, is "query" object secured enough to pass around tokens?

RoeelCohen avatar Feb 17 '21 21:02 RoeelCohen

@RoeelCohen have you tried using .extraHeaders?

nuclearace avatar Feb 18 '21 14:02 nuclearace

@RoeelCohen have you tried using .extraHeaders?

@nuclearace Yeah. .extraHeaders will add the token to the headers object, i.e. handshake.headers.token which by guessing - might be more appropriate than the query object?

RoeelCohen avatar Feb 18 '21 15:02 RoeelCohen

@RoeelCohen Yes I would use extraHeaders for this.

Does that solve your issue?

nuclearace avatar Feb 22 '21 15:02 nuclearace

Not necessarily, I think I could've added the token anywhere I wanted to. It's just weird that the handshake has a built in key for the token but we don't use it. I'm really not sure what's the best practice in this case. I will leave you to the decision if to close the issue or not. thanks anyways.

RoeelCohen avatar Mar 01 '21 20:03 RoeelCohen

Hello, got same problem. I'm want setup my token and deviceId to handshake: "auth": {} how i do this using socket.io-client-swift?

Incriptos avatar Apr 28 '21 10:04 Incriptos