As of now Colyseus does not have any authentication step built in, so Marie can be Marie but is actually Jake! Let’s make sure that Jake can’t be Marie.

My proposal is as follows and assumes TLS:

  • Upon initial connection the server sends a request_authorization event, which has a nonce and a state.
  • Upon receiving the request_authorization the client fetches a JWT using an IdP and sends this JWT back in an authorization event as the first event, with the JWT as the payload.
  • The server validates the token.
    • If the token is invalid or a nonce/state failure occurs, the server emits an authorization_error event and must close the connection immediately.
    • If the token is valid, the server sends an authenticated event and continues to initialize the client.

This will work just fine with #48 in future as any transport mechanism can implement this as the primary means of upgrading the connection.

The token structure is TBD; we need to consider what the user will be able to do (privileged access, etc.) before we find the optimal token structure.

This flow does not account for an IdP-initiated flow. However, the match-making can still be moved to the identity provider, which will resolve #43.

Issue Analytics

  • State: closed
  • Created 6 years ago
  • Reactions: 1
  • Comments: 6 (3 by maintainers)
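
The three steps of the proposal above, sketched from the server's side as an added example (not code from the issue or from Colyseus). The event names follow the proposal; the HS256 shared secret, the sub/nonce/exp claims, echoing state in the authorization message and all function names are assumptions, and issueToken is a constructed stand-in for the IdP.

```javascript
// Added example, not Colyseus code. Event names are from the proposal; HS256, the
// claim names (sub, nonce, exp) and all function names are assumptions.
const crypto = require("node:crypto");

const sign = (secret, data) =>
  crypto.createHmac("sha256", secret).update(data).digest("base64url");
const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
const dec = (part) => JSON.parse(Buffer.from(part, "base64url").toString("utf8"));
function safeEqual(a, b) { // constant-time compare; lengths must match first
  const x = Buffer.from(String(a)), y = Buffer.from(String(b));
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// Step 1, server -> client: fresh nonce and state, remembered per connection.
function requestAuthorization(session) {
  session.nonce = crypto.randomBytes(16).toString("hex");
  session.state = crypto.randomBytes(16).toString("hex");
  return { event: "request_authorization", nonce: session.nonce, state: session.state };
}

// Constructed stand-in for the IdP: issues a JWT bound to the server's nonce.
function issueToken(secret, sub, nonce, ttlSeconds = 60) {
  const exp = Math.floor(Date.now() / 1000) + ttlSeconds;
  const body = `${enc({ alg: "HS256", typ: "JWT" })}.${enc({ sub, nonce, exp })}`;
  return `${body}.${sign(secret, body)}`;
}

// Step 3, server: validate the client's first event, then admit or reject.
function handleAuthorization(session, secret, msg) {
  const fail = (reason) => ({ event: "authorization_error", reason, close: true });
  const { nonce, state } = session;
  session.nonce = session.state = null; // single use, so a replayed message fails
  if (!nonce || !msg || msg.event !== "authorization") return fail("unexpected_event");
  if (!safeEqual(msg.state, state)) return fail("state_mismatch");
  const parts = String(msg.token).split(".");
  if (parts.length !== 3) return fail("malformed_token");
  const [header, payload, sig] = parts;
  // Always verify as HS256, whatever the header claims, before parsing anything.
  if (!safeEqual(sig, sign(secret, `${header}.${payload}`))) return fail("bad_signature");
  let head, claims;
  try { head = dec(header); claims = dec(payload); } catch { return fail("malformed_token"); }
  if (head?.alg !== "HS256") return fail("bad_alg");
  if (!safeEqual(claims?.nonce, nonce)) return fail("nonce_mismatch");
  if (typeof claims.exp !== "number" || claims.exp <= Date.now() / 1000) return fail("expired");
  session.user = claims.sub;
  return { event: "authenticated", sub: claims.sub };
}
```

A result with close: true is the server's cue to emit authorization_error and drop the connection, as the proposal requires.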

Top GitHub Comments

1 reaction
darkyen commented, Nov 14, 2017

LGTM

1 reaction
endel commented, Nov 14, 2017

Finally an initial implementation of this! https://github.com/gamestdio/colyseus/wiki/Authentication

Feel free to re-open if you feel something is missing. Thanks, @darkyen!
