🎄 Happy Holidays! 🥳
Most of Solace is closed December 24–January 1 so our employees can spend time with their families. We will re-open Thursday, January 2, 2024. Please expect slower response times during this period and open a support ticket for anything needing immediate assistance.
Happy Holidays!
Please note: most of Solace is closed December 25–January 2, and will re-open Tuesday, January 3, 2023.
Basic Authentication in JavaScript
Hi All
Want to check how is basic authentication done in Web Socket protocol over JS.
Is it safe to provide userid and password in JS. Won't it appear in the browser? We can see JS code on the chrome browser which includes the variable values using developer tools (breakpoint, inspect, watch variables). So even if we store credentials in an environment variable, it might be accessible.
How is it done in a Production environment when we can't use another authentication mechanism such as client certificates or OAuth.
Answers
-
Hey @Neha , if your credentials are sent to your front end — regardless of how/where they are interpolated into your front-end app they will as you called out be accessible to a potential actor. Token-based solutions like OAuth are your only way to prevent this if you don't want manual input from a user.
0 -
Thanks Andrew And Tamimi
So if I do not have a Token-based solution, there is no way to securely do Basic Authentication?
Tamimi, Can you explain more on Server-Side Authentication option.
Following this samples from Solace Github site. Would server-side authentication work here?
0