-
https://ory-community.slack.com/archives/C01340V8KSM/p1642096090011200 |
-
It is possible to pass a WebSocket connection through Oathkeeper, but it will only authenticate the cookie on the first connection, that is, on the initial HTTP upgrade request; messages sent over the open socket afterwards are not checked again. Example: I have a gin server that is hosting some APIs:
[GIN-debug] GET / --> main.main.func1 (3 handlers)
[GIN-debug] GET /auth --> main.main.func2 (3 handlers)
[GIN-debug] GET /ws --> main.main.func3 (3 handlers)
The /ws path is my WebSocket path.
Note: some of the code below is taken from these sources: source 1, source 2
package main
import (
"fmt"
"github.com/gin-gonic/gin"
"github.com/gorilla/websocket"
)
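// main starts a demo gin server on localhost:8080 with three routes:
// "/" serves index.html and sets a placeholder session cookie, "/auth" is the
// endpoint used as Oathkeeper's check_session_url, and "/ws" upgrades the
// request to a WebSocket and echoes every message back to the client.
func main() {
	r := gin.Default()
	r.LoadHTMLFiles("index.html")

	r.GET("/", func(c *gin.Context) {
		// Demo-only cookie with a fixed placeholder value. Secure stays false
		// because the example runs over plain HTTP on 127.0.0.1; set it to
		// true once the site is served over TLS. HttpOnly is true so page
		// script cannot read the session cookie; the browser still sends it
		// with the WebSocket handshake.
		c.SetCookie("ory_kratos_session", "1234", 1000, "/", "127.0.0.1", false, true)
		c.HTML(200, "index.html", nil)
	})

	r.GET("/auth", func(c *gin.Context) {
		// Stub session check: it answers 200 without looking at the cookie,
		// so every request is treated as authenticated. A real deployment
		// must point check_session_url at a service that validates the
		// session.
		c.Status(200)
	})

	r.GET("/ws", func(c *gin.Context) {
		// The cookie is checked once, on the HTTP upgrade request that passes
		// through Oathkeeper. Messages on the open socket are not checked
		// again, so a session that is revoked later keeps its connection
		// unless the application closes it.
		//
		// CheckOrigin is left unset, so gorilla's default same-origin check
		// applies to the handshake; do not replace it with a function that
		// accepts every origin.
		upgrader := websocket.Upgrader{
			ReadBufferSize:  1024,
			WriteBufferSize: 1024,
		}
		conn, err := upgrader.Upgrade(c.Writer, c.Request, nil)
		if err != nil {
			// Printf, not Println: the message contains a format verb.
			fmt.Printf("Failed to set websocket upgrade: %+v\n", err)
			return
		}
		// Release the socket when the echo loop ends.
		defer conn.Close()

		for {
			t, msg, err := conn.ReadMessage()
			if err != nil {
				break
			}
			// Stop echoing as soon as the peer can no longer be written to.
			if err := conn.WriteMessage(t, msg); err != nil {
				break
			}
		}
	})

	if err := r.Run("localhost:8080"); err != nil {
		fmt.Printf("server stopped: %v\n", err)
	}
}

index.html <html>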
<head>
<script src="https://code.jquery.com/jquery-2.1.1.min.js"></script>
</head>
<body>
<h3>WebSocket Go</h3>
<pre id="output"></pre>
<script>
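// Opens a WebSocket to the echo endpoint through Oathkeeper (port 4455),
// sends "ping" once a second and logs both directions into #output.
// ws:// is unencrypted and is only acceptable for this loopback demo; use
// wss:// anywhere else, because the session cookie travels with the handshake.
var url = 'ws://127.0.0.1:4455/ws';
var c = new WebSocket(url);

// Appends one log line as a text node, so message content is never parsed
// as HTML (jQuery's .append() treats a plain string as markup).
function logLine(arrow, text) {
  $("#output").append(document.createTextNode((new Date()) + arrow + text + "\n"));
}

var send = function (data) {
  logLine(" ==> ", data);
  c.send(data);
};

c.onmessage = function (msg) {
  logLine(" <== ", msg.data);
  console.log(msg);
};

c.onopen = function () {
  setInterval(function () {
    send("ping");
  }, 1000);
};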
</script>
</body>
</html> oathkeeper config ...
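# Authenticator section of the Oathkeeper configuration (nesting restored;
# the flattened listing is not valid YAML as pasted).
authenticators:
  # Enabled globally, but it only takes effect for access rules that list it;
  # the "websocket" rule on this page lists cookie_session only.
  anonymous:
    enabled: true
    config:
      subject: guest
  cookie_session:
    enabled: true
    config:
      # Points at the demo server's /auth route, which answers 200 for every
      # request. In a real deployment this must be a service that validates
      # the session cookie.
      check_session_url: http://127.0.0.1:8080/auth
      preserve_path: true
      # Only requests that carry this cookie are handled by the authenticator.
      only:
        - ory_kratos_session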
... oathkeeper rules -
id: "websocket"
upstream:
preserve_host: false
url: "http://127.0.0.1:8080"
match:
url: "http://127.0.0.1:4455/ws"
methods:
- GET
authenticators:
-
handler: cookie_session
authorizer:
handler: allow
mutators:
- handler: noop
errors:
- handler: redirect
config:
to: http://127.0.0.1:4455/auth Output: [GIN-debug] Listening and serving HTTP on localhost:8080
[GIN] 2022/01/14 - 11:49:30 | 200 | 151.154µs | 127.0.0.1 | GET "/"
[GIN] 2022/01/14 - 11:49:30 | 200 | 1.249µs | 127.0.0.1 | GET "/auth"
[GIN] 2022/01/14 - 11:49:31 | 404 | 620ns | 127.0.0.1 | GET "/favicon.ico" As you can see here it calls the |
It is possible to pass along the connection through Oathkeeper using WebSockets, but it will only authenticate the cookie on the first connection.
Example:
I have a gin server that is hosting some apis
The /ws path is my WebSocket path.
Note: some of the code below is taken from these sources: source 1, source 2