I have an nginx proxy infront of my rancher instance serving HTTPS which is setup per the rancher documentation. I am trying to authenticate to a WSS socket at myhost/v1/projects/1a39/subscribe?eventNames=resource.change.
Using HTML5 websockets my connection string is like so:
var ws = new WebSocket("wss://apikey:secretkey@myhost/v1/projects/1a39/subscribe?eventNames=resource.change");
failed: HTTP Authentication failed; no valid credentials available
I am basing this off of this gist
What am I doing wrong here?
so it turns out most browsers dont support the authorization header for Websockets, which is this issue. One way I can determine is to pass a JWT token into the URL, but how does this work with the API? Posting to /v1/token requires a local user?
Token takes a
code, which has a meaning that depends on the auth provider configured, but it is not possible to generate a token from an API key.
The straightforward solution is to proxy the request and add the authorization header there; here’s the proxy that’s in the UI for development: https://github.com/rancher/ui/blob/master/server/proxies/api.js#L18-L25
Thanks @vincent. Kind of the solution I thought of when fetching lunch. Wasn’t sure if their was a more native approach or not.