{"id":20405462,"url":"https://github.com/adcentury/socketio-jwt-auth","last_synced_at":"2025-04-13T06:42:38.328Z","repository":{"id":56165316,"uuid":"42990958","full_name":"adcentury/socketio-jwt-auth","owner":"adcentury","description":"Socket.io authentication middleware using Json Web Token","archived":false,"fork":false,"pushed_at":"2020-11-23T09:01:13.000Z","size":46,"stargazers_count":90,"open_issues_count":0,"forks_count":16,"subscribers_count":5,"default_branch":"master","last_synced_at":"2025-03-26T23:09:46.745Z","etag":null,"topics":["auth","authenticate","authentication","json-web-token","jwt","socket-io","socket-io-middleware","socketio-jwt","socketio-jwt-auth"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/adcentury.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-09-23T09:18:42.000Z","updated_at":"2024-03-07T22:44:06.000Z","dependencies_parsed_at":"2022-08-15T14:00:16.779Z","dependency_job_id":null,"html_url":"https://github.com/adcentury/socketio-jwt-auth","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/adcentury%2Fsocketio-jwt-auth","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/adcentury%2Fsocketio-jwt-auth/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/adcentury%2Fsocketio-jwt-auth/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/adcentury%2Fsocketio-jwt-auth/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/adcentury","download_url":"https://codeload.github.com/adcentury/socketio-jwt-auth/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248675440,"owners_count":21143763,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["auth","authenticate","authentication","json-web-token","jwt","socket-io","socket-io-middleware","socketio-jwt","socketio-jwt-auth"],"created_at":"2024-11-15T05:11:00.802Z","updated_at":"2025-04-13T06:42:38.302Z","avatar_url":"https://github.com/adcentury.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# SocketIO JWT Auth\n\n[![Travis](https://img.shields.io/travis/adcentury/socketio-jwt-auth.svg)](https://travis-ci.org/adcentury/socketio-jwt-auth) [![Coveralls github](https://img.shields.io/coveralls/github/adcentury/socketio-jwt-auth.svg)](https://coveralls.io/github/adcentury/socketio-jwt-auth) [![npm](https://img.shields.io/npm/dm/socketio-jwt-auth.svg)](https://www.npmjs.com/package/socketio-jwt-auth) [![GitHub license](https://img.shields.io/github/license/adcentury/socketio-jwt-auth.svg)](https://github.com/adcentury/socketio-jwt-auth/blob/master/LICENSE)\n\n\u003e Socket.io authentication middleware using Json Web Token\n\nWork with [socket.io](http://socket.io/) \u003e= 1.0\n\n## Installation\n\n```\nnpm install socketio-jwt-auth\n```\n\n## Usage\n\n### Register the middleware with socket.io\n\n__socketio-jwt-auth__ has only one method `authenticate(options, verify)`.\n\n`options` is an object literal that contains options:\n\n* `secret` a secret key,\n* `algorithm`, defaults to HS256, and\n* `succeedWithoutToken`, which, if `true` tells the middleware not to fail if no token is suppled. Defaults to`false`.\n\n`verify` is a function with two args `payload`, and `done`:\n\n* `payload` is the decoded JWT payload, and\n* `done` is an error-first callback with three args: `done(err, user, message)`\n\n```javascript\nvar io = require('socket.io')();\nvar jwtAuth = require('socketio-jwt-auth');\n\n// using middleware\nio.use(jwtAuth.authenticate({\n  secret: 'Your Secret',    // required, used to verify the token's signature\n  algorithm: 'HS256'        // optional, default to be HS256\n}, function(payload, done) {\n  // done is a callback, you can use it as follows\n  User.findOne({id: payload.sub}, function(err, user) {\n    if (err) {\n      // return error\n      return done(err);\n    }\n    if (!user) {\n      // return fail with an error message\n      return done(null, false, 'user does not exist');\n    }\n    // return success with a user info\n    return done(null, user);\n  });\n}));\n```\n\n### Connecting without a token\n\nThere are times when you might wish to successfully connect the socket but indentify the connection as being un-authenticated. For example when a user connects as a guest, before supplying login credentials.  In this case you must supply the option `succeedWithoutToken`, as follows:\n\n```javascript\nvar io = require('socket.io')();\nvar jwtAuth = require('socketio-jwt-auth');\n\n// using middleware\nio.use(jwtAuth.authenticate({\n  secret: 'Your Secret',    // required, used to verify the token's signature\n  algorithm: 'HS256',        // optional, default to be HS256\n  succeedWithoutToken: true\n}, function(payload, done) {\n  // you done callback will not include any payload data now\n  // if no token was supplied\n  if (payload \u0026\u0026 payload.sub) {\n    User.findOne({id: payload.sub}, function(err, user) {\n      if (err) {\n        // return error\n        return done(err);\n      }\n      if (!user) {\n        // return fail with an error message\n        return done(null, false, 'user does not exist');\n      }\n      // return success with a user info\n      return done(null, user);\n    });\n  } else {\n    return done() // in your connection handler user.logged_in will be false\n  }\n}));\n```\n\n### Access user info \n```javascript\nio.on('connection', function(socket) {\n  console.log('Authentication passed!');\n  // now you can access user info through socket.request.user\n  // socket.request.user.logged_in will be set to true if the user was authenticated\n  socket.emit('success', {\n    message: 'success logged in!',\n    user: socket.request.user\n  });\n});\n\nio.listen(9000);\n```\n\n### Client Side\n\n```javascript\n\u003cscript\u003e\n  // You should add auth_token to the query when connecting\n  // Replace THE_JWT_TOKEN with the valid one\n  var socket = io('http://localhost:9000', {query: 'auth_token=THE_JWT_TOKEN'});\n  // For socket.io v3 you must use 'auth' object in place of 'query'\n  // var socket = io('http://localhost:9000', {auth: 'auth_token=THE_JWT_TOKEN'});\n  // Connection failed\n  socket.on('error', function(err) {\n    throw new Error(err);\n  });\n  // Connection succeeded\n  socket.on('success', function(data) {\n    console.log(data.message);\n    console.log('user info: ' + data.user);\n    console.log('logged in: ' + data.user.logged_in)\n  })\n\u003c/script\u003e\n```\n\nIf your client [support](https://socket.io/docs/client-api/#With-extraHeaders), you can also choose to pass the auth token in headers.\n\n```javascript\n\u003cscript\u003e\n  // Use extraHeaders to set a custom header, the key is 'x-auth-token'.\n  // Don't forget to replace THE_JWT_TOKEN with the valid one.\n  var socket = io('http://localhost:9000', {\n    extraHeaders: {\n      'x-auth-token': 'THE_JWT_TOKEN'\n    },\n    transportOptions: {\n      polling: {\n        extraHeaders: {\n          'x-auth-token': 'THE_JWT_TOKEN'\n        }\n      }\n    },\n  });\n  // ...\n\u003c/script\u003e\n```\n\n## Tests\n\n```\nnpm install\nnpm test\n```\n\n## Change Log\n\n### 0.2.1\n\n* Fix a bug caused by undefined\n\n### 0.2.0\n\n* Add auth handshake for Socket.IO v3\n\n### 0.1.0\n\n* Add support for passing auth token with `extraHeaders`\n\n### 0.0.6\n\n* Fix an api bug of `node-simple-jwt`\n\n### 0.0.5\n\n* Add an option (`succeedWithoutToken`) to allow guest connection\n\n## License\n\n[The MIT License](http://opensource.org/licenses/MIT)\n\nCopyright (c) 2015 Lei Lei\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fadcentury%2Fsocketio-jwt-auth","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fadcentury%2Fsocketio-jwt-auth","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fadcentury%2Fsocketio-jwt-auth/lists"}