[Question] Authentication with JWT and storing data in the client session #350

Open
ChargemapHakan opened this issue Dec 6, 2020 · 1 comment

Comments

@ChargemapHakan

Hi,

I've set up a router, and added an authentication with JWT. That seems to work fine with Autobahn with all the challenges and stuff. However, what I need to do now is to extract data from the JWT token and store / associate them to the client session (ClientSession object). Extracting the data in the processAuthenticate method is not a problem but I don't have any link to the client session here. Also, I don't know how to set custom data in a session object. How should I do that? I am not sure that this can be done in the processAuthenticate method and can't seem to find anything related to the session in the preProcessAuthenticate method either.

Also, when a user subscribes to a topic, I would like to ensure that the user has the right to subscribe (based on the data we extracted from the JWT). Let's say we extracted userId 1234 from the JWT, and the same session subscribes to thread_9876_notifications. What I want to do is that on the subscribe event, I would like to check if the user 1234 has the right to access the thread 9876. How would this be possible?

Thanks a lot guys :-)

PS: sorry for the duplicate with previous issue, somehow I managed to close it... not familiar with GitHub :/

@semoriil

No answer yet?

Regarding the right to subscribe, you can do it with AuthorizationManager. It works by setting static rules on server start and should work dynamically in a custom AuthProviderClient.
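
The subscribe check described in the question, as an added example that is not part of the thread and does not use the router's own API: verified claims are bound to the session id at authentication time, and every subscribe is decided from that server-side record with deny by default. `SubscribeGuard`, its methods, the session id 77 and the ACL array are hypothetical; PHP is assumed as the project's language, and the JWT is assumed to be signature-verified before `bind()` is called.

```php
<?php
declare(strict_types=1);

// Added example: framework-independent sketch. All names here are hypothetical.
final class SubscribeGuard
{
    /** @var array<int, array> verified JWT claims keyed by router session id */
    private array $claimsBySession = [];
    /** @var array<int, int[]> thread id => user ids allowed to read it */
    private array $threadMembers;

    public function __construct(array $threadMembers) { $this->threadMembers = $threadMembers; }

    // Call after authentication succeeded, with claims taken from the verified token only.
    public function bind(int $sessionId, array $claims): void
    {
        if (!is_int($claims['userId'] ?? null) || !is_int($claims['exp'] ?? null)) {
            throw new InvalidArgumentException('token lacks required claims');
        }
        $this->claimsBySession[$sessionId] = $claims;
    }

    // Call when the session closes so a reused session id cannot inherit old claims.
    public function unbind(int $sessionId): void { unset($this->claimsBySession[$sessionId]); }

    // Deny by default: unknown session, expired token, unrecognised topic or non-member.
    public function canSubscribe(int $sessionId, string $topic, ?int $now = null): bool
    {
        $claims = $this->claimsBySession[$sessionId] ?? null;
        if ($claims === null || $claims['exp'] <= ($now ?? time())) {
            return false;
        }
        // Anchored on both ends: prefixes, suffixes and trailing newlines do not match.
        if (preg_match('/\Athread_(\d{1,18})_notifications\z/', $topic, $m) !== 1) {
            return false;
        }
        // The user id comes from the session record, never from the subscribe message.
        return in_array($claims['userId'], $this->threadMembers[(int) $m[1]] ?? [], true);
    }
}

// Constructed sample data using the ids from the question.
$guard = new SubscribeGuard([9876 => [1234], 5555 => [42]]);
$guard->bind(77, ['userId' => 1234, 'exp' => 2000000000]);
$now = 1700000000;
var_dump($guard->canSubscribe(77, 'thread_9876_notifications', $now));       // user is a member
var_dump($guard->canSubscribe(77, 'thread_5555_notifications', $now));       // user is not a member
var_dump($guard->canSubscribe(78, 'thread_9876_notifications', $now));       // session never authenticated
var_dump($guard->canSubscribe(77, 'thread_9876_notifications', 2000000001)); // token past its exp
```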
