Auth0 Community

How do you securely pass a token over websocket with Auth0?

storyknight November 5, 2023, 7:12am 1

I have followed this example when it has come to securing an API: Auth0 Go API SDK Quickstarts: Authorization

However, there is no way to pass an Authorization header onto a websocket (as far as I understand). One alternative is to pass the full token in the query parameters, but this is not secure e.g. ws://example.com/ws?token=XXX

Hope that makes sense, and thank you for any help!

tyf November 6, 2023, 9:40pm 2

Hey there @storyknight welcome to the community!

Unfortunately I’m not sure there is an easy workaround for this - Is it an option to pass the token as a custom header when initially setting up the websocket connection?

system Closed November 20, 2023, 9:41pm 4

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views	Activity
SPA using an API through a WebSocket Help	0	3156	December 21, 2021
JWT for IoT/Websocket Connection Authentication JWT.io	3	6949	September 3, 2019
Using two JWT tokens for websockets Help jwt , auth0	1	3992	August 9, 2020
SocketIO with Auth0 Help apis , application	3	1665	February 28, 2023
Missing Authorization header Help jwt	0	1960	September 28, 2022