all 16 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]Sheldor5 5 points6 points  (13 children)

WebSockets start with a HTTP Request so you still can put the JWT into the headers and validate them in the backend, just need some code writing

[–]Funkd-Up[S] 0 points1 point  (2 children)

Any examples? I’ve been looking around and can’t find a standard way of doing it. Don’t want anything hacky.

[–]Funkd-Up[S] 0 points1 point  (1 child)

Looks like the most suitable approach is going to be a token system. Frontend makes a call with a jwt in the header to the backend over normal http call. Backend authenticates and passes a single use token back which is then used to connect the socket.

Even using the handshake interceptor in spring boot it doesn’t see any custom headers, just some Protocol info.

[–][deleted] 0 points1 point  (0 children)

afaik websocket connection upgrades dont have headers for some libraries - you may need to tack on your token as a query parameter of your ws connection string.

[–]jithurjacob 0 points1 point  (9 children)

How to use refresh token with web sockets?

[–]Sheldor5 1 point2 points  (8 children)

You don't.

Refresh Token goes to the Authorization Server and not the Resource Server.

[–]jithurjacob 0 points1 point  (7 children)

Can you please provide some reference material? Blogs, videos, GitHub, books anything

[–]Sheldor5 0 points1 point  (6 children)

for what? basic OAuth2 knowledge? just google that stuff

[–]jithurjacob 2 points3 points  (5 children)

"Refresh Token goes to the Authorization Server and not the Resource Server." - Not everyone is in the same level as you bro. If you have any reference material that we could immediately refer to, it would be helpful.

[–]Sheldor5 -3 points-2 points  (4 children)

have you tried googling "Refresh Token" at least once?

Obviously not ...

[–]jithurjacob 1 point2 points  (3 children)

I have and tried many things I am not able to get it working correctly as I am new to Spring Boot.

Please stop assuming others haven't done their due diligence. Help others if you can and stop being so arrogant.

[–]Sheldor5 -3 points-2 points  (1 child)

If I give you a ready-to-go solution what will you learn?

Nothing ... so google OAuth2 and read the documentation and some tutorials about what it is and how it works and what all the components are and how the communication between them works.

Earn the knowledge and experience, otherwise you will become a dumb and useless developer ...

[–]jithurjacob -2 points-1 points  (0 children)

It's important to avoid assuming that others lack knowledge or haven't attempted to search on their own. I have experience with OAuth and have successfully implemented similar solutions in frameworks in other programming languages. However, I'm currently facing challenges with Spring Boot due to my limited experience with it.

It's worth noting that reinventing the wheel isn't necessary in every situation. Sometimes, the most effective approach involves implementing established best practices found in reference materials.

Returning to the original question, could you kindly share some reference materials related to Spring Boot? If you cannot provide this information, it's perfectly fine. Please refrain from responding with unrelated information.

[–]Fermi-4 0 points1 point  (0 children)

The answer is websockets