Want to check how is basic authentication done in Web Socket protocol over JS.
Is it safe to provide userid and password in JS. Won't it appear in the browser? We can see JS code on the chrome browser which includes the variable values using developer tools (breakpoint, inspect, watch variables). So even if we store credentials in an environment variable, it might be accessible.
How is it done in a Production environment when we can't use another authentication mechanism such as client certificates or OAuth.