Hi,
I am looking for best practices in implementation schemes for authenticating websocket communication. At the moment, this is the workflow I am considering:
- Client (Web UI) gets a JWT from invoking a REST API endpoint - /login.
- Client initiates a websocket session - subscribing to a set of events, passing the JWT (somehow).
- Upon authenticating the JWT, server begins sending events based on the socket connection.
What are the best practices for passing the JWT while initiating a websocket session? And how can I parse it at the websocket server end?
Appreciate all guidance in this matter.
Thanks,
Radha.
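
One way the workflow above can be handled on the server, as an added example that is not part of the original post: the browser `WebSocket` constructor cannot set an `Authorization` header, so this sketch assumes the client offers the token as a subprotocol (`new WebSocket(url, ["bearer", jwt])`) and that `/login` issues HS256 tokens. The function names, the `bearer` label, the key and the sample handshake are all constructed for illustration.

```python
import base64, hashlib, hmac, json, time

KEY = b"constructed-demo-key"  # assumption: HS256 secret shared with /login

def _b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def _mac(head, body, key):
    return hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()

def sign_hs256(claims, key):
    """Stand-in for the token /login would issue (constructed sample)."""
    head = _b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64e(_mac(head, body, key))}"

def token_from_handshake(raw_request):
    """Extract the JWT from 'Sec-WebSocket-Protocol: bearer, <jwt>'."""
    for line in raw_request.split("\r\n")[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "sec-websocket-protocol":
            offered = [p.strip() for p in value.split(",")]
            if len(offered) == 2 and offered[0] == "bearer":
                return offered[1]
    return None

def verify_hs256(token, key, now=None):
    """Return the claims if signature and exp check out, else None."""
    try:
        head, body, sig = token.split(".")
        if json.loads(_b64d(head)).get("alg") != "HS256":  # pin the algorithm
            return None
        if not hmac.compare_digest(_mac(head, body, key), _b64d(sig)):
            return None
        claims = json.loads(_b64d(body))
        exp = claims.get("exp")
    except (AttributeError, ValueError, TypeError):
        return None
    now = time.time() if now is None else now
    if not isinstance(exp, (int, float)) or exp <= now:
        return None  # missing or expired exp: refuse the upgrade
    return claims

def sample_request(token):  # constructed handshake, as a browser would send it
    return ("GET /events HTTP/1.1\r\nHost: example.test\r\nUpgrade: websocket\r\n"
            "Connection: Upgrade\r\nSec-WebSocket-Version: 13\r\n"
            f"Sec-WebSocket-Protocol: bearer, {token}\r\n\r\n")
```

If `verify_hs256` returns claims, the server completes the upgrade selecting only `bearer` in its response, so the token is never echoed back; otherwise it rejects the handshake before any events are sent.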