I am working on a project where we have been using CRUD with a REST API, standard stuff. Now we want to switch to WebSockets as we want to have realtime updates. Think airline reservation calendar. When someone clicks on a box in the calendar, it needs to be blocked for every connected user.
I see a lot of examples of people giving examples of authentication over the WebSocket. But I find creation of a WebSocket before login to a system wasteful.
So ideally I would like to authenticate the user via JWT over an HTTP POST and get a token, and if the user is authenticated, then create a WebSocket with the token that I get from JWT.
Before I get into details: is this the right way to do it, or should one create a WebSocket connection right away and do the whole API stuff over WebSocket, including the initial auth (username, password stuff)?
Thanks
Your approach, "authenticating via JWT over HTTP and then using WebSockets with the token", strikes a balance between security, simplicity, and performance. It's also easier to implement using existing libraries and frameworks that support JWT and WebSockets.
If you want to explore WebSocket-based APIs for everything, it can be done, but for your current use case (real-time updates), a hybrid approach (REST + WebSocket) is more practical and common.
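
The flow discussed above (token from an HTTP POST login, then a WebSocket opened with that token), as an added example that is not code from either poster: the server verifies the token at the handshake and refuses the upgrade before any socket exists. Assumptions: HS256 built from the standard library so it runs offline, a constructed shared secret, the token carried in `Sec-WebSocket-Protocol`, and hypothetical function names.

```python
import base64, hashlib, hmac, json, time

# Assumption: one HS256 key shared by the login endpoint and the WebSocket server.
SECRET = b"constructed-demo-secret"

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64url(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input):
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def issue_token(user, ttl=300, now=None):
    """What the HTTP POST login returns once the credentials have been checked."""
    now = time.time() if now is None else now
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps({"sub": user, "exp": int(now) + ttl}).encode())
    return f"{header}.{body}.{b64url(sign(header + '.' + body))}"

def verify_token(token, now=None):
    """Return the claims if algorithm, signature and expiry all check out, else None."""
    now = time.time() if now is None else now
    try:
        header, body, sig = token.split(".")
        if json.loads(unb64url(header)).get("alg") != "HS256":
            return None  # pin the algorithm instead of trusting the token's header
        if not hmac.compare_digest(sign(header + "." + body), unb64url(sig)):
            return None  # signature mismatch: forged or altered token
        claims = json.loads(unb64url(body))
        return claims if claims["exp"] > now else None  # reject expired tokens
    except (ValueError, KeyError, TypeError, AttributeError):
        return None  # malformed token

def authorize_upgrade(headers):
    """Handshake decision: (101, user) to accept, otherwise an HTTP error and no socket."""
    if headers.get("Upgrade", "").lower() != "websocket":
        return 400, None
    # Assumption: the client sends the token in Sec-WebSocket-Protocol.
    claims = verify_token(headers.get("Sec-WebSocket-Protocol", ""))
    return (101, claims["sub"]) if claims else (401, None)
```

The token is checked only at the handshake here, so a socket that stays open outlives the token's `exp` unless the server also closes or re-checks it. In a real service a maintained JWT library would replace the hand-rolled signing.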