Share vars on extension

10 views
Skip to first unread message

Jorge Osorio

unread,
May 15, 2013, 10:06:32 PM5/15/13
to faye-...@googlegroups.com
Hi everyone,

I have an extension to read incoming outgoing messages, i want in /meta/handshake authorize an user with name/password then retrieve an auth_token on /meta/handshake response, but i don't don't know how i can has the username in the response.

def incoming(message, callback)
    if message["channel"] == "/meta/handshake"
      authorize(message)
    end
    callback.call(message)
  end

  def outgoing(message, callback)
    if message["channel"] == "/meta/handshake"
      # how here i can know who was the handshake OK
    end
  end

James Coglan

unread,
May 16, 2013, 2:26:32 AM5/16/13
to faye-...@googlegroups.com
I'm not sure this is possible -- handshakes, by definition, don't carry enough identifying information for you to do this. What are you trying to build? 

Jorge Osorio

unread,
May 17, 2013, 11:10:54 AM5/17/13
to faye-...@googlegroups.com
Hi, I want do this:

In the incoming handshake message authenticate an user, in the ext var he send me a key, password. i can verify that, OK!. the problem is how to respond with a generated auth_token in the outgoing handshake. But in that case i dont have any idea to know who is that person, is the same that i authenticate, i don't think so. i want to use that handshake to authenticate user and respond an auth tomen to consume the subscribe and send message faye events.

James Coglan

unread,
May 17, 2013, 3:01:18 PM5/17/13
to faye-...@googlegroups.com
On 17 May 2013 16:10, Jorge Osorio <jorge.os...@gmail.com> wrote:
In the incoming handshake message authenticate an user, in the ext var he send me a key, password. i can verify that, OK!. the problem is how to respond with a generated auth_token in the outgoing handshake. But in that case i dont have any idea to know who is that person, is the same that i authenticate, i don't think so. i want to use that handshake to authenticate user and respond an auth tomen to consume the subscribe and send message faye events.

If you want to do token-based auth I'd invent and endpoint on your app for doing this, or use the approach describe in http://faye.jcoglan.com/security.html to generate signing tokens and include them in pages where the client operates.

Or, you could pass the username/password when subscribing instead of when handshaking and apply the access control there, which would remove the need for an intermediate token.
Reply all
Reply to author
Forward
0 new messages