
(Tom Vaga asked a similar question here but Luke's response didn't quite address what I'd hoped to accomplish... I'd comment there but don't have the points yet :-) Thanks! )

I've got a Slim server working well to register and authenticate users for our API, using JWT, allowing only 'authenticated' users to access certain api endpoints.

I'm now trying to set up a SocketCluster for various realtime messaging parts of the app, and I would like to restrict subscriptions to only authenticated users. I may be missing a part of the concept, but is it not possible to use the token cookie set successfully by Slim to also authenticate to SocketCluster? (ideally using the built-in authentication process, and without having to call back to the slim-api?) They're on different servers as sub-domains... Would I have to insert the same secret into the SocketCluster configuration somewhere?

Thank you!

  • There are a few different options for configuring JWTs. Can you give more information about how yours are being done? Are they just signed or also encrypted? Are they set up with expiry? What payload do they include? Etc. – Paul Oct 30 '18 at 20:00
  • Thanks Paul - I'm new to this, but I'll do my best :-) Roughly based on [this guide](https://arjunphp.com/secure-web-services-using-jwt-slim3-framework/), I generate and set the token using: `$settings = $this->get('settings'); // get settings array. $token = JWT::encode(['phone' => $phone], $settings['jwt']['secret'], "HS256"); $ret['token'] = $token;` It only includes the phoneNumber of the users (the primary key in our system) at present... maybe add other identifiers as needed...? – David Robert Hoare Oct 30 '18 at 20:41
