NodeJS and Socket.IO user authentication

Question

I was wondering what are the best practices for socket.IO authentication.

Alice emits event 'message' with parameters including Bobs unique identifier etc. Bob receives the message while listening to socket.on('message') event.

How do I prevent unauthenticated users from ever connecting to the server using Socket.IO and how do I emit event to only specific user?

Thank you very much in advance for all suggestions and answers. Peter

Implement an authentication scheme and use SSL. – jfriend00 Oct 19 '14 at 16:29 — jfriend00, Oct 19 '14 at 16:29

score 5 · Accepted Answer · edited May 23 '17 at 11:46

5

Socket.IO allows you to set up authentication for new sessions. You could do this with cookies or using JSON web tokens for example. The authentication mechanism did change from 0.9 to 1.0, so just be aware of that when googling.

As far as encryption goes, as long as you're using https you should be fine. Trying to implement your own encryption scheme instead of using https is more risky and more work anyway.

edited May 23 '17 at 11:46

Community

1
1

answered Oct 19 '14 at 14:42

mscdex

104,356
15
192
153

Is the data encrypted in the database? – TrySpace Jan 05 '16 at 12:36

NodeJS and Socket.IO user authentication

1 Answers1