Backends should have access to socket
scttnlsn opened this issue
Scott Nelson commented
Authorization should happen at the level of the backend since using Socket.IO's authorization mechanism does not offer enough granularity. As an example, consider a backend that allows anyone to read but only logged-in users to create, update or delete. By providing the backend with a socket, it could optionally obtain the session ID and authorize the current operation.
Scott Nelson commented
Experimenting on the auth branch: https://github.com/scttnlsn/backbone.io/tree/auth
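
One way to do the per-operation check described in the issue, as an added example that is not code from backbone.io or its auth branch. The names `authorize`, `sessionIdFrom`, `guarded`, `sessions` and the `req.method` values are hypothetical, and the session cookie is assumed to be an unsigned cookie named `sid` carried in the socket's handshake headers.

```javascript
// Added illustration; all names here are hypothetical, not backbone.io's API.
const WRITE_METHODS = new Set(['create', 'update', 'delete']);

// Constructed in-memory session store: session ID -> session data.
const sessions = new Map([['abc123', { user: 'alice' }]]);

// Pull the session ID out of the Cookie header sent with the socket handshake.
// Assumes an unsigned cookie named "sid"; a signed cookie must have its
// signature verified before the ID is trusted.
function sessionIdFrom(socket) {
  const headers = (socket.handshake && socket.handshake.headers) || {};
  for (const part of (headers.cookie || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue;
    if (part.slice(0, eq).trim() !== 'sid') continue;
    try { return decodeURIComponent(part.slice(eq + 1).trim()); }
    catch (e) { return null; } // malformed percent-encoding: treat as no session
  }
  return null;
}

// Per-operation check: reads are open, writes need a session with a user,
// and any method not explicitly listed is denied.
function authorize(req, socket) {
  if (req.method === 'read') return { ok: true };
  if (!WRITE_METHODS.has(req.method)) return { ok: false, reason: 'unknown method' };
  const sid = sessionIdFrom(socket);
  const session = sid ? sessions.get(sid) : undefined;
  if (!session || !session.user) return { ok: false, reason: 'login required' };
  return { ok: true, user: session.user };
}

// Wrap a backend handler so every operation is authorized before it runs.
function guarded(handler) {
  return (req, socket, respond) => {
    const verdict = authorize(req, socket);
    if (!verdict.ok) return respond(new Error(verdict.reason));
    return handler(req, verdict.user, respond);
  };
}
```

Because the check runs per request rather than once at connection time, a session that is removed from the store stops authorizing writes on sockets that are already open.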