Implement another authentication approach aside from cookie support.
From the gitter channel @WinstonFasset:
Yes, my first choice was to use a header for auth, but I was unable to get it to work in the browser even using a protocol header hack that was supposed to work (I was using Chrome, which apparently strips security headers). Similarly, basic auth didn't work. Querystring parameter and cookie both worked. Incidentally, the feathers-js API server I'm using for REST can also do websockets pretty well. When enabled it will use messages for auth rather than any of the mechanisms I just described. I lean towards that approach but don't see a good way to implement it with YJS.
I wrote a long comment on this in #7:
https://github.com/yjs/y-websocket/issues/7#issuecomment-623114183
TLDR: I am now authenticating via messages over the websocket before giving it to YJS and I recommend it.
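
One way to do the message-based handshake described in the comment above, as an added example that is not code from this thread or from y-websocket: the server accepts only a JSON auth frame as the first message and attaches the Yjs sync handler after the token verifies. `gateSocket`, `verify`, `handOff`, the `{type: 'auth', token}` frame shape and the 4401 close code are assumptions; `fakeSocket` is a constructed stand-in for a real connection.

```javascript
// Added example: gate a socket behind a first-message auth handshake.
// `socket` needs on/off/send/close as on a `ws` connection; `verify` and
// `handOff` are caller-supplied (hypothetical names).
const AUTH_FAILED = 4401; // constructed app-defined close code (4000-4999 range)

function gateSocket(socket, verify, handOff, timeoutMs = 5000) {
  const state = { phase: 'pending', user: null };
  const fail = (reason) => {
    if (state.phase !== 'pending') return;
    state.phase = 'rejected';
    clearTimeout(timer);
    socket.off('message', onMessage);
    socket.close(AUTH_FAILED, reason);
  };
  // Unauthenticated sockets must not be held open indefinitely.
  const timer = setTimeout(() => fail('auth timeout'), timeoutMs);
  function onMessage(data) {
    let msg;
    try { msg = JSON.parse(String(data)); } catch { return fail('bad auth frame'); }
    const user = msg && msg.type === 'auth' && typeof msg.token === 'string'
      ? verify(msg.token) : null;
    if (!user) return fail('auth rejected');
    state.phase = 'authenticated';
    state.user = user;
    clearTimeout(timer);
    socket.off('message', onMessage); // the gate never sees sync traffic
    socket.send(JSON.stringify({ type: 'auth-ok' }));
    handOff(socket, user); // only now attach the Yjs sync handler
  }
  socket.on('message', onMessage);
  return state;
}

// Constructed in-memory stand-in for a connection, so this runs offline.
function fakeSocket() {
  const handlers = new Set();
  return {
    sent: [], closed: null,
    on(_evt, fn) { handlers.add(fn); },
    off(_evt, fn) { handlers.delete(fn); },
    send(data) { this.sent.push(data); },
    close(code, reason) { this.closed = { code, reason }; },
    receive(data) { [...handlers].forEach((fn) => fn(data)); },
  };
}
```

The client has to send its auth frame and wait for `auth-ok` before starting the Yjs provider on that socket, since anything else arriving first closes the connection.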