WebSockets Next: Allow to send authorization headers from web browsers using JavaScript clients

[michalvavrik]

• closes: quarkus-websockets-next connecting from browser with JWT #42824

• closes: Provide WebSockets Next support for authenticated JavaScript web socket upgrade and messages #44409

• I have tested it in Quickstarts WebSockets Next, I added OIDC, enabled OIDC Dev Svc, got token in DEV UI and passed it as query param to WS JS client and

const urlSearchParams = new URLSearchParams(window.location.search);
const token = urlSearchParams.get("bearer")
const quarkusHeaderProtocol = encodeURIComponent("quarkus-header#Authorization#Bearer " + token)
socket = new WebSocket("ws://" + location.host + "/chat/" + username, ["bearer", quarkusHeaderProtocol]);

[michalvavrik]

I'll not waste CI resources and fix docs build failure till I hear from reviewers because I have feeling this could go many ways, maybe even closing this PR completely.

[michalvavrik]

I thought about it more and I'll drop closing: # issue because maybe we should follow up with different work, not sure if it will ever happen. Spring seems to have integration with SocketJS https://docs.spring.io/spring-security/reference/servlet/integrations/websocket.html#websocket-authorization-notes-messagetypes that does authentication when connection has been established, but that won't integrate with what we have now.

[sberyozkin]

@michalvavrik Hi Michal,

I'll not waste CI resources and fix docs build failure till I hear from reviewers because I have feeling this could go many ways, maybe even closing this PR completely.

It should definitely not be closed, it is a step in the right direction, this is the most often asked question, how to get the token passed from Java Script WS API, thanks for initiating this work, it is a big deal, IMHO, it might need a bit more work, but I'm actually very positive about your PR.

By the way, setting it to Draft is the right way if you expect a few iterations with the PR

[michalvavrik]

@michalvavrik Hi Michal,

I'll not waste CI resources and fix docs build failure till I hear from reviewers because I have feeling this could go many ways, maybe even closing this PR completely.

It should definitely not be closed, it is a step in the right direction, this is the most often asked question, how to get the token passed from Java Script WS API, thanks for initiating this work, it is a big deal, IMHO, it might need a bit more work, but I'm actually very positive about your PR.

By the way, setting it to Draft is the right way if you expect a few iterations with the PR

Thanks Sergey, I can make it draft, but yesterday I took it as far as I can without feedback. So I feel like I need @mkouba and @sberyozkin to comment when you have time.

[mkouba]

@michalvavrik Hi Michal,

I'll not waste CI resources and fix docs build failure till I hear from reviewers because I have feeling this could go many ways, maybe even closing this PR completely.

It should definitely not be closed, it is a step in the right direction, this is the most often asked question, how to get the token passed from Java Script WS API, thanks for initiating this work, it is a big deal, IMHO, it might need a bit more work, but I'm actually very positive about your PR.
By the way, setting it to Draft is the right way if you expect a few iterations with the PR

Thanks Sergey, I can make it draft, but yesterday I took it as far as I can without feedback. So I feel like I need @mkouba and @sberyozkin to comment when you have time.

I'll take a look tomorrow...

[michalvavrik]

@sberyozkin @mkouba I reworked PR following Sergey suggestions, please have a look when the time is right for you. Thanks

[github-actions]

🎊 PR Preview 8b6a34f has been successfully built and deployed to https://quarkus-pr-main-45809-preview.surge.sh/version/main/guides/

• Images of blog posts older than 3 months are not available.
• Newsletters older than 3 months are not available.

[sberyozkin]

@michalvavrik LGTM, minor suggestions are proposed

[michalvavrik]

I think docs suggestions were great @sberyozkin , I applied them and found related changes. Should be better now.

[sberyozkin]

LGTM, it will make a real difference to those users who are struggling with finding solutions to pass tokens. Thanks

@mkouba Martin, please review as well

[quarkus-bot]

Status for workflow Quarkus CI

This is the status report for running Quarkus CI on commit ff7436e.

✅ The latest workflow run for the pull request has completed successfully.

It should be safe to merge provided you have a look at the other checks in the summary.

Warning

There are other workflow runs running, you probably need to wait for their status before merging.

You can consult the Develocity build scans.

[quarkus-bot]

Status for workflow Quarkus Documentation CI

This is the status report for running Quarkus Documentation CI on commit ff7436e.

✅ The latest workflow run for the pull request has completed successfully.

It should be safe to merge provided you have a look at the other checks in the summary.