Remote JWT

Timeline
June 2023
Team
jonathan-k4
mark-k4
Role
Software Engineer II

Overview

JWTs are the new (maybe not so new) thing. Either way, they’re an upgrade in security and efficiency compared to our current, and archaic, username and password method. It’s time to update our app and Home Hubs to use JSON Web Tokens for authentication.

This will require a couple of changes. First, our cloud will need a new endpoint for verifying, creating, and signing the new JWT. Second, our model (which uses Socket.io) will require changes to its client and server connections. Throw in a socket handshake middleware for passing the JWT and, lastly, once the token is verified in our cloud’s auth hook, let them in.
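The sign, verify, and handshake flow described above, as an added example that is not the project's own code. It assumes HS256 with a shared secret, a token passed in the handshake query string, and Node's built-in `crypto` in place of a JWT library; `SECRET`, `signJwt`, `verifyJwt` and `jwtHandshake` are hypothetical names.

```javascript
const crypto = require('crypto');

// Constructed demo key (assumption): a real deployment loads this from a secret store.
const SECRET = 'constructed-demo-secret';
const b64url = (s) => Buffer.from(s).toString('base64url');
const hmac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest();

// Cloud endpoint side: create and sign a short-lived token.
function signJwt(claims, secret, ttlSeconds, now = Math.floor(Date.now() / 1000)) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify({ ...claims, iat: now, exp: now + ttlSeconds }));
  return `${header}.${payload}.${hmac(`${header}.${payload}`, secret).toString('base64url')}`;
}

// Auth hook side: verify signature and expiry before trusting any claim.
function verifyJwt(token, secret, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [header, payload, sig] = parts;
  // Pin the algorithm; the token's own header must not choose how it is verified.
  if (JSON.parse(Buffer.from(header, 'base64url').toString()).alg !== 'HS256') {
    throw new Error('unexpected alg');
  }
  const expected = hmac(`${header}.${payload}`, secret);
  const given = Buffer.from(sig, 'base64url');
  // Constant-time comparison; the length check avoids timingSafeEqual throwing.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  const claims = JSON.parse(Buffer.from(payload, 'base64url').toString());
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('token expired');
  return claims;
}

// Handshake middleware in Socket.io's (socket, next) shape, registered with io.use().
// Assumption: the client sends the token in the handshake query string.
function jwtHandshake(secret) {
  return (socket, next) => {
    try {
      socket.claims = verifyJwt(socket.handshake.query.token, secret);
      next();
    } catch (err) {
      next(new Error('unauthorized')); // reject without leaking the failure reason
    }
  };
}
```
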

Techs

node

redis

socket.io

jwt

aws

git

Complexities

This was my first time working with JWTs, Socket.io, Redis, and, frankly, our cloud. Most of the complexities were with understanding the intricacies of the client-server relationship between our model and our cloud. What’s the client to this? And what’s the server for that? Where does that get called? Oh, and how do I get this cloud to run locally with all these AWS configs?

Our websocket connections can also get created through two methods - Node.js and the browser. With the version of Socket.io our model is on (it’s old), testing can be a bit tricky.

The result? An enhanced product that’s faster and more secure and affects all future deployments to come.

The work included creating a new endpoint on our internal cloud server using REST principles, enhancing our cloud server’s hooks for new authentication, and enhancing our websocket connection using Socket.IO.
