Unable to use authentication
janandries opened this issue · comments
I'm trying to use some sort of user authenticatoin for the SOSS websocket. I want to only allow certain users to be able to connect.
I use a python websocket client to test. This all works perfectly fine, until I try to use JWT tokens.
I have added a authentication part to my soss configuration YAML:
systems:
ws_server: {
type: websocket_server,
port: 12345,
cert: cery_file.cert,
key: key_file.key,
authentication:
{
policies:
[
{
secret: soss-websocket-test,
algo: HS256
}
]
}
}
Then, using python, i try to connect to the secure websocket, using the websocket_client
and pyjwt
packages
encoded_jwt = jwt.encode({}, 'soss-websocket-test', algorithm='HS256')
ws = websocket.WebSocketApp(f"wss://127.0.0.1:12345?token={encoded_jwt}")
No matter what I try, I don't get a connection (always a 401 unauthorized). I have also used a pre-generated token I found in the websocket__roundtrip_client.yaml
example, but even when I configure the server and client exactly as that example, I can't connect.
I tried to debug the soss websocket server, and when the request comes in, I see that it always fails because requested_sub_protos.size() is empty.
Can anyone point me in the right direction of how to create a working example with authentication, preferably using a python client example?
The websocket server does not support the rosbridge auth opcodes yet so it uses a hacky way to authenticate users base on the Sec-WebSocket-Protocol
header in the websocket handshake. You need to set the header to the jwt token in the client.