Suggestions for supportng multiple client applications & API key based authentication

[madhub]

Suggestions for supporting multiple client applications & API key based authentication

Currently server uses jwt token for authentication of web socket request from the tunnel client.
It would be nice if you use simple API key based authentication , where list of valid API key's can be configured via environment variable.

Multiple API keys can use .
Below example shows a API keys per application.

export API_KEYS="apikey1:myapp1,apikey2:myapp2"
node server.js

On the client side
API key & application name are send in the initial WebSocket connection, server will check the API key & app name from the lookup parsed from API_KEYS environment variable. If matches it maintains the Tunnel connection with appname as key

When external clients wants to send request to application , it can pass application name in the URL.

Example : If the tunnel server is running on endpoint https://example.com & a request for app1 & app2 looks as follows
https://example.com/app1
https://example.com/app2
Tunnel Server can extract the application name from the URL & lookup TunnelConnection map & route request to proper web socket connection.

[embbnux]

Hi @madhub this is good idea to support multiple clients based on path. Let me add it into backlog.

[madhub]

Great , what about using simpler API key's via environment variable for authentication ?, Any comment ?

I made working changes on my fork with API key & app name . on the client side , I am using the profile has the application name . See the details in below link

NOTE: I have not updated the documentation

• Client Changes
• Server Changes

Working sample

[embbnux]

Hi @madhub Sorry for missing this message. It is great that you have implement it in your fork. It is good to support authorization by app keys. And I would like to support base JWT and app keys.

And it is appreciated if you can send pull request to this project. So we can have more discussion at that PR.

[madhub]

I can raise the pull request for the existing implementation in my fork
However I have only kept API key for simplicity , I don't have JWT in my fork and I have not updated the client side documentation ( readme.md). Is this OK ?