Auth0 and Websockets

I am creating a sample app using auth0 , spring, angular 11. without websockets this is ok. But once I want to incorporate websockets, things are going wrong
The article is broken https://auth0.com/blog/2014/01/15/auth-with-socket-io/

I have a proxy conf that maps angular port to spring services port, so not sure what to use here for websocket–
(1) using spring url as-is
new SockJS(‘http://localhost:2023/pipeline’);
Error: Access to XMLHttpRequest at ‘http://localhost:2023/pipeline/info?t=1618440125594’ from origin ‘http://localhost:4200’ blocked by CORS policy
(2) using proxy conf, because I prefixed with server in the endpoint
If I use – const socket = new SockJS(‘server/pipeline’); /server is having target http://localhost:2023 then Error: 401 unauthorized My Rest API endpoints are ok I have Auth0 also in my app. So websocket is not working for me. Any idea how to connect?

““It is a common misconception that a user who is authenticated in the hosting web application, is also authenticated in the socket stream. These are two completely different channels.” - José F. Romaniello, https://auth0.com/blog/2014/01/15/auth-with-socket-io/

Can I get an example

Is CORS issue because of using Auth0 integration ? please can I ask if there an example - websocket - Auth0 combination (spring backend)?

Hi Auth0
I understand the question will get closed in 15 days. Please can someone answer my question??
I need a websocket example - stomp , sockjs or socket.io
If this is not possible, please can you flag and I will inform my company

says

Deprecation Notice

This sample has been deprecated. Please see the auth0-samples org for the latest Auth0 samples.

Auth0 team, do you have an example Auth0, Angular, Spring , Websockets ? This is a critical functionality. There are many websockets -angular-spring examples, but without Auth0
I am getting CORS issue. Has anyone worked on websockets - spring security - angular and Auth0?

Hi @k-auth0,

It doesn’t appear that we have an example of that framework. The sample you linked is being deprecated and I would not recommend using it. There is no replacement sample at this time.

Thanks for the reply.

Can I ask, if there is any limitation with Auth0 in the architecture - Angular 10/11 - Auth0 - Spring Boot with Security?

This is a fairly broad question. Do you have a specific concern or example scenario?

Hi @dan.woda
I am looking for an example - websockets and Auth0 with Angular, like auth0-socketio-jwt/example at master · auth0-community/auth0-socketio-jwt · GitHub

The example should consider security., as many example are there for the sake of doing type. When taken to enterprise level they flunk.

So looking for an easy example - A simple application with 1 rest controller (couple of end points) and 1 with some topic endpoint etc, and use spring security to control access
Angular page with a single button and a text area that display messages from spring backend for the subscribed topic

Bottom line - an example like the deprecated one, for angular 11

As I mentioned above, there is no example of this exact architecture. I am happy to answer any specific questions you have about an implementation.

I mentioned the issue in the first post, please can you check (1) and (2). I stashed the code as it happened 27days ago. Will recreate and put the logs.

You can see stackoverflow - Angular Websocket CORS issue - Stack Overflow

So Is there no plan to update the deprecated example? It is 1 end point with topic , and prove Auth0 works well?

Can you add some more details to those questions? It’s not possible to get a clear picture of the problem from your first post. Code snippets are helpful. Using clear formatting is also very helpful. It’s difficult to understand what is going on with just an error code and little detail about what is causing it.

The CORS policy usually stems from a request that crosses origins.

Can you post a code block of the call that is returning the 401 error? This is often caused by a setting misconfiguration.

It doesn’t look like it. As I mentioned above, there is no 1:1 replacement for the deprecated sample.