There are the following possible strategies:

• auth after handshake (connection init payload)
• send token in url query param
• send cookies
• basic auth (also in the url)
• hack the subprotocol negotiation to include auth token

whatwg/websockets#16

Mention the Apollo implementation perhaps? Headers in the init payload

{:connection-init-payload {"headers" {"authorization" (str "Bearer " jwt}}}

+1, would love some documentation on how to add a jwt to an http graphql endpoint for use with AWS.

Are there any examples of this around?

Hi, thanks for the nudge, please check the readme now

Thanks! Looks great