I have a few questions about how to handle authentication through a `Phoenix.Socket` connection.
My application provides publicly exposed services that require frequent data communication, so I need to make a socket connection before any authentication. I connect to a socket immediately after user loads the page.
Of course, not all communication is public. Some does require authentication and authorization. Since I already have a websocket connection, I decided to authenticate through that socket.
Q1: Is it secure to sign in through the socket? I will be using WSS, of course.
From what I have read about sockets and channels, I can’t really assign new data (i.e. authentication tokens) to existing sockets and channels once they are constructed. (Correct me if I’m wrong!) That means that I need to separate ‘authenticated socket/channel’ and ‘public socket/channel’ from when I construct them.
Q2: Should I separate the secure and non-secure connections at socket level, i.e. `user_socket` & `public_socket`, or maintain only one socket and authenticate at channel level by requiring credentials each time the user joins secure channels?
I hope my questions are clear enough!
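As an added example (not code from the question or from any Phoenix project), here is the single-socket variant from Q2: the token is verified once in `connect/3` and each channel's `join/3` decides per topic whether the caller is allowed in. `MyAppWeb`, the topic names and the `"user socket"` salt are assumptions.

```elixir
defmodule MyAppWeb.UserSocket do
  use Phoenix.Socket

  channel "room:*", MyAppWeb.RoomChannel

  # One socket for everyone. A token, if supplied, is verified at connect time;
  # a caller without one still gets a socket, just with no user_id assigned.
  @impl true
  def connect(%{"token" => token}, socket, _connect_info) do
    # Token was minted server-side with Phoenix.Token.sign/4 using the same salt;
    # max_age bounds how long a leaked token stays usable.
    case Phoenix.Token.verify(MyAppWeb.Endpoint, "user socket", token, max_age: 86_400) do
      {:ok, user_id} -> {:ok, assign(socket, :user_id, user_id)}
      # A bad token rejects the connection rather than silently downgrading it.
      {:error, _reason} -> :error
    end
  end

  def connect(_params, socket, _connect_info) do
    {:ok, assign(socket, :user_id, nil)}
  end

  # Anonymous sockets have no id; authenticated ones can be disconnected by id.
  @impl true
  def id(%{assigns: %{user_id: nil}}), do: nil
  def id(socket), do: "user_socket:#{socket.assigns.user_id}"
end

defmodule MyAppWeb.RoomChannel do
  use Phoenix.Channel

  # Public topic: anyone with a socket may join.
  @impl true
  def join("room:lobby", _params, socket), do: {:ok, socket}

  # Private topic: only an authenticated socket, and only the topic's owner.
  def join("room:private:" <> owner_id, _params, socket) do
    cond do
      is_nil(socket.assigns.user_id) -> {:error, %{reason: "unauthenticated"}}
      to_string(socket.assigns.user_id) != owner_id -> {:error, %{reason: "forbidden"}}
      true -> {:ok, socket}
    end
  end
end
```

Because socket assigns are fixed once `connect/3` returns, logout is handled by `MyAppWeb.Endpoint.broadcast("user_socket:" <> id, "disconnect", %{})`, which closes that user's sockets and channels so a fresh connect with a new token is required.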