Hey 👋 First of all I have to say that SuperTokens is such a great project! I'm using it for a sample project. Now I'm wondering if anybody knows if there is a way to secure a socket.io connection with SuperTokens? Thanks for your help!

Hey @codingtomato

I probably should mention that I have a Node JS Backend which runs an Express API and a Socket.IO Server. I also have a Vue JS Client which already uses SuperTokens for logging in. Now I would like to connect my Client over a socket connection too, but I dont know how to retrieve the user id in the backend.

So you can initiate the socket connection with a http call which uses

verifySession

as usual. During each even fire, you can auth the user in two ways: - Method 1: Create a JWT using

Session.createJWT

function and provide the user's ID in the payload. You can then pass this JWT to the frontend and verify it in each socket event. - Method 2: Send the session's sessionHandle to the frontend and send that on each socket event. You can then query the supertokens core to get info (like the userID) from the session handle. Method 1 is much faster since it's stateless verification, but method 2 is more secure since revoking a session will terminate the socket connection auth immediately.

Thank you so much! I will get on trying that immediately.