[Libwebsockets] [Libwebsocket] Adding authentication for Client

Andy Green andy at warmcat.com
Fri Jul 15 09:14:17 CEST 2016

On Fri, 2016-07-15 at 12:33 +0530, atul kumar wrote:
> Hi Andy,
> I am currently trying to integrate libwebsocket to interact with my
> server which does support websocket.
> Have few queries w.r.t it.
> a) Websocket is just a plan HTTPS socket, so it is a secured socket.
> But it need to be authenticated before using it in secure way either
> vai certification or user/pass.

Hum this is my reply from offlist mail  -->

>  The usual idea is that the server handles this at http layer, and if
> it  likes what you sent for authentication it paints the client with
> a
>  cookie and gives him html that has a script to open the ws
> connection . When the client makes the ws connection, he sends the
> auth cookie that he was given before.
>  Libwebsocket does handle the security part inherently , but I am not
> sure how to add/enable authorization part. Could you share some
> pointer for it?

You need to wire it up yourself, lws doesn't do what you want out of
the box, but the pieces are mostly there.

You need to

 - make a client connection using POST (see the 'method' member of the
client connection info struct)

 - store the cookie from the response

 - use that cookie to open a ws upgrade connection to the same server

> b)Libwebsocket is a plain socket connection, we still need to add
> intelligence for all the callbacks as shown for dummy. But could not
> proceed further unless point a get resolved.

Not sure what you're talking about.


> Any suggestion on above queries will be helpful.
> Regards
> Atul
> _______________________________________________
> Libwebsockets mailing list
> Libwebsockets at ml.libwebsockets.org
> http://libwebsockets.org/mailman/listinfo/libwebsockets

More information about the Libwebsockets mailing list