Socket.io authentication middleware using Json Web Token
Works with socket.io >= 1.0
```
npm install socketio-jwt-auth
```

__socketio-jwt-auth__ has only one method: `authenticate(options, verify)`.

`options` is an object literal that contains options:
* `secret`, a secret key,
* `algorithm`, defaults to HS256, and
* `succeedWithoutToken`, which, if `true`, tells the middleware not to fail if no token is supplied. Defaults to `false`.

`verify` is a function with two args, `payload` and `done`:
* `payload` is the decoded JWT payload, and
* `done` is an error-first callback with three args: `done(err, user, message)`
```javascript
var io = require('socket.io')();
var jwtAuth = require('socketio-jwt-auth');

// User is your application's user model (not provided by this package)

// using middleware
io.use(jwtAuth.authenticate({
  secret: 'Your Secret',    // required, used to verify the token's signature
  algorithm: 'HS256'        // optional, default to be HS256
}, function(payload, done) {
  // done is a callback, you can use it as follows
  User.findOne({id: payload.sub}, function(err, user) {
    if (err) {
      // return error
      return done(err);
    }
    if (!user) {
      // return fail with an error message
      return done(null, false, 'user does not exist');
    }
    // return success with a user info
    return done(null, user);
  });
}));
```
There are times when you might wish to let the socket connect successfully but identify the connection as unauthenticated, for example when a user connects as a guest before supplying login credentials. In this case you must supply the option `succeedWithoutToken`, as follows:
```javascript
var io = require('socket.io')();
var jwtAuth = require('socketio-jwt-auth');

// using middleware
io.use(jwtAuth.authenticate({
  secret: 'Your Secret',    // required, used to verify the token's signature
  algorithm: 'HS256',       // optional, default to be HS256
  succeedWithoutToken: true
}, function(payload, done) {
  // your done callback will not include any payload data now
  // if no token was supplied
  if (payload && payload.sub) {
    User.findOne({id: payload.sub}, function(err, user) {
      if (err) {
        // return error
        return done(err);
      }
      if (!user) {
        // return fail with an error message
        return done(null, false, 'user does not exist');
      }
      // return success with a user info
      return done(null, user);
    });
  } else {
    return done(); // in your connection handler user.logged_in will be false
  }
}));
```
```javascript
io.on('connection', function(socket) {
  console.log('Authentication passed!');
  // now you can access user info through socket.request.user
  // socket.request.user.logged_in will be set to true if the user was authenticated
  socket.emit('success', {
    message: 'success logged in!',
    user: socket.request.user
  });
});

io.listen(9000);
```
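With `succeedWithoutToken: true`, guests pass the middleware, so each sensitive event handler has to check `socket.request.user.logged_in` itself. The following is an added example, not part of the original README or the project's code: `requireLogin`, `registerHandlers`, the event names and the `id` field on the user object are assumptions, and `fakeSocket` is a constructed stand-in so the block runs without a server.

```javascript
// Added example: per-event authorization for sockets admitted as guests.
// All function and event names here are hypothetical.

// Wrap an event handler so it only runs for authenticated sockets.
// Relies on the README's contract: socket.request.user.logged_in is true
// only when the user was authenticated.
function requireLogin(socket, handler) {
  return function guarded() {
    var user = socket.request && socket.request.user;
    // Strict comparison: a missing user object or a truthy non-boolean
    // value (e.g. the string 'false') must not count as authenticated.
    if (!user || user.logged_in !== true) {
      socket.emit('unauthorized', { message: 'login required' });
      return false;
    }
    handler.apply(socket, arguments);
    return true;
  };
}

// Register handlers on a connected socket: public events stay open to
// guests, state-changing ones go through the guard.
function registerHandlers(socket, store) {
  socket.on('motd:get', function () {
    socket.emit('motd', store.motd);
  });
  socket.on('profile:update', requireLogin(socket, function (changes) {
    // Assumes the user object returned by verify() carries an id field.
    store.profiles[socket.request.user.id] = changes;
    socket.emit('profile:updated', changes);
  }));
}

// Constructed stand-in for a Socket.IO socket (no network involved).
function fakeSocket(user) {
  var handlers = {}, sent = [];
  return {
    request: { user: user },
    sent: sent,
    on: function (event, fn) { handlers[event] = fn; },
    emit: function (event, data) { sent.push([event, data]); },
    receive: function (event, data) { return handlers[event](data); }
  };
}
```

In a real server, `registerHandlers(socket, store)` would be called from the `io.on('connection', ...)` callback shown above.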
If your client supports it, you can also choose to pass the auth token in headers.

Tests

```
npm install
npm test
```

Change Log
* Fix a bug caused by undefined
* Add auth handshake for Socket.IO v3
* Add support for passing auth token with `extraHeaders`
* Fix an api bug of `node-simple-jwt`
* Add an option (`succeedWithoutToken`) to allow guest connection

Copyright (c) 2015 Lei Lei