Authenticating through Phoenix.socket

I have a few questions about how to handle authentication through Phoenix.Socket connection.

My application provides publicly exposed services that require frequent data communication, so I need to make a socket connection before any authentication. I connect to a socket immediately after user loads the page.

Of course, not all communication is public. Some does require authentication and authorization. Since I already have a websocket connection, I decided to authenticate through that socket.

Q1: Is it secure to sign in through the socket? I will be using WSS of course.

From what I have read about sockets and channels, I can’t really assign new data (i.e. authentication tokens) to existing sockets and channels once they are constructed. (Correct me if I’m wrong!) That means that I need to separate ‘authenticated socket/channel’ and ‘public socket/channel’ from when I construct them.

Q2: Should I separate the secure and non-secure connections at socket level, i.e. user_socket & public_socket, or maintain only one socket and authenticate at channel level by requiring credentials each time the user joins secure channels?

I hope my questions are clear enough!

1 Like
  1. I can’t think of why not. In my app I create a socket connection until the user logs in. When this happens I create a new socket connection with a JWT passed as a param.

  2. I’d just stick with one endpoint.

2 Likes
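To make both Q1 and Q2 concrete, here is an added example of the single-endpoint layout the reply above recommends. It is not code from either poster: the module names, the `"user socket"` salt, the 24-hour token lifetime and the assumption that user ids are integers are all mine. It uses `Phoenix.Token` (signed with the endpoint's `secret_key_base`) in place of the JWT mentioned in the reply so it needs no extra library. The socket connects anonymously when the page loads; after sign-in the client reconnects with a token in the connect params, and each private channel checks authorization in `join/3`. It also shows the second option from Q2, presenting the token in the join params of an anonymous socket, so the same channel works either way.

```elixir
# Added example (not from the original thread). One Phoenix.Socket endpoint,
# anonymous by default; authentication via connect params, authorization per
# channel in join/3. Module names, salt, max_age and integer user ids are assumed.
#
# Server side, after login (e.g. in a session controller):
#   token = Phoenix.Token.sign(MyAppWeb.Endpoint, "user socket", user.id)
# Client side (phoenix.js), reconnecting once the token is available:
#   let socket = new Socket("/socket", {params: {token: window.userToken}})
#   socket.connect()

defmodule MyAppWeb.UserSocket do
  use Phoenix.Socket

  channel "public:*", MyAppWeb.PublicChannel
  channel "private:*", MyAppWeb.PrivateChannel

  # Tokens older than this are rejected even when the signature verifies.
  @max_age 24 * 60 * 60

  # Anonymous connect: the page opened the socket before any sign-in.
  def connect(params, socket, _connect_info) when not is_map_key(params, "token") do
    {:ok, assign(socket, :current_user_id, nil)}
  end

  # Authenticated connect. A bad or expired token refuses the whole connection
  # instead of silently downgrading to anonymous, so the client notices.
  def connect(%{"token" => token}, socket, _connect_info) do
    case Phoenix.Token.verify(socket, "user socket", token, max_age: @max_age) do
      {:ok, user_id} -> {:ok, assign(socket, :current_user_id, user_id)}
      {:error, _reason} -> :error
    end
  end

  # Naming authenticated sockets lets the server kick every socket of a user on
  # logout: MyAppWeb.Endpoint.broadcast("user_socket:#{id}", "disconnect", %{})
  def id(%{assigns: %{current_user_id: nil}}), do: nil
  def id(socket), do: "user_socket:#{socket.assigns.current_user_id}"
end

defmodule MyAppWeb.PublicChannel do
  use Phoenix.Channel

  # Anyone may join. Socket assigns are copied into the channel's socket, so the
  # channel can still tell whether this member authenticated at connect time.
  def join("public:" <> _topic, _params, socket), do: {:ok, socket}
end

defmodule MyAppWeb.PrivateChannel do
  use Phoenix.Channel

  @max_age 24 * 60 * 60

  # Path 1: the socket was authenticated at connect time; only check ownership.
  def join("private:" <> user_id, _params, %{assigns: %{current_user_id: uid}} = socket)
      when is_integer(uid) do
    if Integer.to_string(uid) == user_id,
      do: {:ok, socket},
      else: {:error, %{reason: "unauthorized"}}
  end

  # Path 2: anonymous socket, credentials presented in the join params.
  # The assign set here lives in this channel process only; other channels on
  # the same socket still see current_user_id: nil.
  def join("private:" <> user_id, %{"token" => token}, socket) do
    with {:ok, uid} <- Phoenix.Token.verify(socket, "user socket", token, max_age: @max_age),
         true <- Integer.to_string(uid) == user_id do
      {:ok, assign(socket, :current_user_id, uid)}
    else
      _ -> {:error, %{reason: "unauthorized"}}
    end
  end

  # Anonymous socket, no token: refuse.
  def join("private:" <> _user_id, _params, _socket), do: {:error, %{reason: "unauthorized"}}
end
```

On Q1: connect params are sent by phoenix.js in the WebSocket URL's query string, so the token travels in the URL. WSS keeps it off the wire, but it can still land in proxy or endpoint access logs, which is why the token here is short-lived and scoped to the socket rather than being the session cookie. On Q2: with this layout there is one endpoint, and the choice between "authenticate at connect" (path 1) and "authenticate at join" (path 2) is made per channel, not per socket.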