Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Passing headers while establishing the contact #51

Open
abdulbasit1248 opened this issue Dec 30, 2021 · 1 comment
Open

Passing headers while establishing the contact #51

abdulbasit1248 opened this issue Dec 30, 2021 · 1 comment

Comments

@abdulbasit1248
Copy link

abdulbasit1248 commented Dec 30, 2021
edited
Loading

Could anyone explain that how we can pass the auth-token in ActionCableProvider in order to authenticate the user in the backend rails app.
One way is to pass the auth-token in the URL string. But it is not a secure method. The auth token can be seen easily in the logs at the backend.
@cameronbourgeois
Copy link

cameronbourgeois commented Nov 16, 2022
edited
Loading

I'm just setting this up, and I agree that this would be a very useful feature.

One solution I am thinking of is to create a new API endpoint that generates and returns a nonce with expiry date for the authenticated user. That nonce can then be passed via the URL to the ActionCableProvider and then used to authenticate the user in my ApplicationCable::Connection. That way we aren't exposing the users primary authentication token via the URL.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@cameronbourgeois @abdulbasit1248