WSS Authentication failure

Howdy,

I have an nginx proxy infront of my rancher instance serving HTTPS which is setup per the rancher documentation. I am trying to authenticate to a WSS socket at myhost/v1/projects/1a39/subscribe?eventNames=resource.change.

Using HTML5 websockets my connection string is like so:

var ws = new WebSocket("wss://apikey:secretkey@myhost/v1/projects/1a39/subscribe?eventNames=resource.change");

However, in javascript console I receive the following error:

failed: HTTP Authentication failed; no valid credentials available

I am basing this off of this gist

What am I doing wrong here?

so it turns out most browsers dont support the authorization header for Websockets, which is this issue. One way I can determine is to pass a JWT token into the URL, but how does this work with the API? Posting to /v1/token requires a local user?

Token takes a code, which has a meaning that depends on the auth provider configured, but it is not possible to generate a token from an API key.

The straightforward solution is to proxy the request and add the authorization header there; here’s the proxy that’s in the UI for development: https://github.com/rancher/ui/blob/master/server/proxies/api.js#L18-L25

Thanks @vincent. Kind of the solution I thought of when fetching lunch. Wasn’t sure if their was a more native approach or not.

Regards