1

I need a login system for my website through which i can securely authenticate my users on my ws server. The client side code is a javascript function, which is able to send a token over as a packet and the server side code gets the packet and gets the string out of it. From here i could connect with a datebase or whatever.

My problem is, i don't want to send over the username and password, because this seems very unsecure to me. Is there any way to authenticate through a secure way? I just want to let the server check if the user is loggin in and if that's the case which account it is. I was thinking about google auth, but i don't know where to start.

I hope you can help me. Kind regrads,

Simon

Simon Pannek
  • 41
  • 1
  • 6
  • You can implement authorization outside websocket, and set cookie with Bearer token, and start sending that token in your websocket – Leguest Apr 15 '17 at 09:00
  • I found this online: https://developers.google.com/identity/sign-in/web/server-side-flow Do you think i could work with this too? Like as you said sending the token as a cookie, but instead of the bearer token the access token? – Simon Pannek Apr 15 '17 at 09:22
  • Yes, OAuth works similar, but anyway you need implement google auth outside of websocket connection, and after login, you can use your access token – Leguest Apr 15 '17 at 09:31

1 Answers1

0

Well you can use WSS instead of WS. WSS is secure web socket. It can be implemented over HTTP or HTTPS. See this related post: html5 Websocket with SSL

Community
  • 1
  • 1
Nadir Latif
  • 3,690
  • 1
  • 15
  • 24
  • My problem here is, that it's some kind of game server and i am sending hundreds of packets a second. This makes it more difficult to change from http to https. – Simon Pannek Apr 17 '17 at 10:51
  • Well you can still have WSS over http. See this related post: http://stackoverflow.com/questions/26791107/websockets-wss-on-http-vs-wss-on-https – Nadir Latif Apr 17 '17 at 12:01