Hi!I'm going to use OAuth2 to secure my API as well as with my socket.io API. I've looked into it and it seems fairly straightforward (there's an authorization hook for socket.io).My only question is what would be a nice method to allow non-authenticated users to still receive events rather than simply disallowing them access. Authenticated users should be able to receive events as well as emit them. My first thought would be to attach a flag to the socket session 'read-only' or something. Any suggestions?The context is a public chat room, where logged-in users can actually send messages and anonymous users can still read.Thanks
Submitted January 29, 2016 at 04:17PM by Witless-One
No comments:
Post a Comment