Nest: websocket authentication with password and passwort-jwt

Created on 17 Oct 2019  路  4Comments  路  Source: nestjs/nest

Hi there! I love the way Nestjs bring us Typescript in Nodejs , it very easy and also well documented
Right now I'm building a REST API for a chat app, Http side is almost done, authentication too, I've just followed the documentation and it is working well, now I want to authenticate my user when they are trying to connect to my chat Gateway, I have tried @AuthGuard('jwt') but it seems not working, it there a way to properly do that please, thanks for your great work.

needs triage question 馃檶
Source
picture loicgeek

Most helpful comment

I can tell you @loicgeek how to do this, but i can't give the code.

  1. create websocket jwt strategy extending PassportStrategy(Strategy, 'websocketStrategyName') , use ExtractJwt.fromUrlQueryParameter('jwtTokenFieldName')
    Example client
const jwtTokenFieldName = 'jwt token without bearer';
      const socket = io('http://localhost:3000/namespace', { transports: ['websocket'], path: '/websocket-path', query: { jwtTokenFieldName } });
  1. add method validate to strategy, need check user in database etc.
  2. add websocket strategy to providers

  3. create websocket jwt guard extending AuthGuard and pass strategy name ( websocketStrategyName )

  4. implement method getRequest in websocket jwt guard and return handshake switchToWs().getClient().handshake.
    Because we getting jwt token from url query parameter by name websocketStrategyName
    But we need to get request before using strategy
    By default JWT strategy getting from headers Authentication

  5. Override get request in https://github.com/nestjs/passport/blob/master/lib/auth.guard.ts#L52
    SocketIO.Socket ( context.switchToWs().getClient() ) have handshake
    In handshake we can get websocket request url
    fromUrlQueryParameter getting request url and parse websocketStrategyName

User automatically set into switchToWs().getClient().handshake.user analogue to HTTP request

  1. Add @UseGuard(WsJWTGuard) to websocket gateway

  2. Auth user in handleConnection from client first argument ( in nestjs last version Kamil created decorators for client and payload ) as client.handshake.query.jwtTokenFieldName
    use jwt.verify
    Or hide this implementation in websocket jwt guard.

If you have any question - notify me

picture Insidexa on 18 Oct 2019
👍3

All 4 comments

I can tell you @loicgeek how to do this, but i can't give the code.

  1. create websocket jwt strategy extending PassportStrategy(Strategy, 'websocketStrategyName') , use ExtractJwt.fromUrlQueryParameter('jwtTokenFieldName')
    Example client
const jwtTokenFieldName = 'jwt token without bearer';
      const socket = io('http://localhost:3000/namespace', { transports: ['websocket'], path: '/websocket-path', query: { jwtTokenFieldName } });
  1. add method validate to strategy, need check user in database etc.
  2. add websocket strategy to providers

  3. create websocket jwt guard extending AuthGuard and pass strategy name ( websocketStrategyName )

  4. implement method getRequest in websocket jwt guard and return handshake switchToWs().getClient().handshake.
    Because we getting jwt token from url query parameter by name websocketStrategyName
    But we need to get request before using strategy
    By default JWT strategy getting from headers Authentication

  5. Override get request in https://github.com/nestjs/passport/blob/master/lib/auth.guard.ts#L52
    SocketIO.Socket ( context.switchToWs().getClient() ) have handshake
    In handshake we can get websocket request url
    fromUrlQueryParameter getting request url and parse websocketStrategyName

User automatically set into switchToWs().getClient().handshake.user analogue to HTTP request

  1. Add @UseGuard(WsJWTGuard) to websocket gateway

  2. Auth user in handleConnection from client first argument ( in nestjs last version Kamil created decorators for client and payload ) as client.handshake.query.jwtTokenFieldName
    use jwt.verify
    Or hide this implementation in websocket jwt guard.

If you have any question - notify me

Insidexa picture Insidexa on 18 Oct 2019
👍3

@Insidexa thanks for your reply, I will try and let you know

loicgeek picture loicgeek on 18 Oct 2019

Please, use our Discord channel (support) for such questions. We are using GitHub to track bugs, feature requests, and potential improvements.

kamilmysliwiec picture kamilmysliwiec on 24 Oct 2019

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

lock[bot] picture lock[bot] on 24 Jan 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

ghost picture ghost  路  27Comments
hypeofpipe picture hypeofpipe  路  27Comments
fmeynard picture fmeynard  路  45Comments
artjomzab picture artjomzab  路  33Comments
xmlking picture xmlking  路  28Comments