Basic Authentication in JavaScript

Neha
Neha Member, Employee Posts: 5 Solace Employee

Hi All

Want to check how basic authentication is done in the WebSocket protocol over JS.

Is it safe to provide userid and password in JS? Won't it appear in the browser? We can see JS code in the Chrome browser, which includes the variable values, using developer tools (breakpoint, inspect, watch variables). So even if we store credentials in an environment variable, it might be accessible.

How is it done in a Production environment when we can't use another authentication mechanism such as client certificates or OAuth?


Answers

  • [Deleted User]
    [Deleted User] Posts: 0 ✭✭

    Hey @Neha, if your credentials are sent to your front end, regardless of how/where they are interpolated into your front-end app, they will, as you called out, be accessible to a potential actor. Token-based solutions like OAuth are your only way to prevent this if you don't want manual input from a user.

  • Tamimi
    Tamimi Member, Administrator, Employee Posts: 491 admin

    And to add to what Andrew mentioned, you can consider server-side authentication to avoid any front-end exposure of credentials.

  • Neha
    Neha Member, Employee Posts: 5 Solace Employee

    Thanks Andrew and Tamimi

    So if I do not have a Token-based solution, there is no way to securely do Basic Authentication?

    Tamimi, can you explain more on the Server-Side Authentication option?

    Following this sample from the Solace GitHub site. Would server-side authentication work here?

    https://github.com/SolaceSamples/solace-samples-javascript/blob/master/src/basic-samples/TopicPublisher/TopicPublisher.js
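
The exposure discussed in this thread, shown as an added example that is not part of any post or of the Solace samples: a build step that substitutes environment variables leaves the credential in the shipped bundle as a plain string literal, and a small pre-deploy check can flag it. `inlineEnv` is a hypothetical stand-in for a bundler's environment substitution, and the sample source and values are constructed.

```javascript
// Session property names as used in the Solace JavaScript samples.
const CREDENTIAL_KEYS = ['userName', 'password'];

// Constructed sample: front-end code that reads credentials from build-time env.
const SAMPLE_SOURCE = [
  'const session = solace.SolclientFactory.createSession({',
  '  url: process.env.SOLACE_URL,',
  '  vpnName: process.env.SOLACE_VPN,',
  '  userName: process.env.SOLACE_USER,',
  '  password: process.env.SOLACE_PASS,',
  '});',
].join('\n');

// Constructed values, not real credentials.
const SAMPLE_ENV = {
  SOLACE_URL: 'wss://broker.example:443',
  SOLACE_VPN: 'default',
  SOLACE_USER: 'demo-user',
  SOLACE_PASS: 'demo-pass',
};

// Hypothetical stand-in for a bundler's substitution step: every
// process.env.NAME reference becomes a string literal in the output.
function inlineEnv(source, env) {
  return source.replace(/process\.env\.([A-Z0-9_]+)/g, (match, name) =>
    name in env ? JSON.stringify(env[name]) : match);
}

// Flag credential keys whose value is a non-empty string literal.
// Only the literal's length is reported, so the scan log never holds the secret.
function findHardcodedCredentials(bundleText) {
  const keys = CREDENTIAL_KEYS.join('|');
  const pattern = new RegExp(
    `\\b(${keys})\\b["']?\\s*[:=]\\s*(["'\`])((?:\\\\.|(?!\\2).)+)\\2`, 'g');
  const findings = [];
  bundleText.split('\n').forEach((line, index) => {
    for (const m of line.matchAll(pattern)) {
      findings.push({ line: index + 1, key: m[1], literalLength: m[3].length });
    }
  });
  return findings;
}

// The source has no literals; the built bundle does.
console.log('source findings:', findHardcodedCredentials(SAMPLE_SOURCE));
console.log('bundle findings:',
  findHardcodedCredentials(inlineEnv(SAMPLE_SOURCE, SAMPLE_ENV)));
```

A value read at runtime from user input (for example `password: passwordInput.value`) is not flagged, since nothing secret is stored in the shipped file.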