[Libwebsockets] [Libwebsocket] Adding authentication for Client
andy at warmcat.com
Fri Jul 15 09:14:17 CEST 2016
On Fri, 2016-07-15 at 12:33 +0530, atul kumar wrote:
> Hi Andy,
> I am currently trying to integrate libwebsocket to interact with my
> server which does support websocket.
> Have few queries w.r.t it.
> a) Websocket is just a plan HTTPS socket, so it is a secured socket.
> But it need to be authenticated before using it in secure way either
> vai certification or user/pass.
Hum this is my reply from offlist mail -->
> The usual idea is that the server handles this at http layer, and if
> it likes what you sent for authentication it paints the client with
> cookie and gives him html that has a script to open the ws
> connection . When the client makes the ws connection, he sends the
> auth cookie that he was given before.
> Libwebsocket does handle the security part inherently , but I am not
> sure how to add/enable authorization part. Could you share some
> pointer for it?
You need to wire it up yourself, lws doesn't do what you want out of
the box, but the pieces are mostly there.
You need to
- make a client connection using POST (see the 'method' member of the
client connection info struct)
- store the cookie from the response
- use that cookie to open a ws upgrade connection to the same server
> b)Libwebsocket is a plain socket connection, we still need to add
> intelligence for all the callbacks as shown for dummy. But could not
> proceed further unless point a get resolved.
Not sure what you're talking about.
> Any suggestion on above queries will be helpful.
> Libwebsockets mailing list
> Libwebsockets at ml.libwebsockets.org
More information about the Libwebsockets