Skip to content

SignalR Bearer Token (YARP) : suggested change  #32272

New issue
New issue
Open
Open
SignalR Bearer Token (YARP) : suggested change #32272
Labels
SignalRSource - Docs.msDocs Customer feedback via GitHub Issueaspnet-core/svcaspnetcore-signalr/subsvcre-Aditya@adityamandaleeka must review
@swegele

Description

@swegele
swegele
opened on Apr 7, 2024

Description

Currently the docs say this about using bearer tokens with WebSockets:

In standard web APIs, bearer tokens are sent in an HTTP header. However, SignalR is unable to set these headers in browsers when using some transports. When using WebSockets and Server-Sent Events, the token is transmitted as a query string parameter.

See this example from microsoft.
YARP allows me to easily attach a bearer token header to the WS traffic as it proxies to the BFF secured with MS Entra OID using JwtBearerDefaults.AuthenticationScheme.
I just tested it and all the Auth works great.

The docs make it sound like bearer token headers will not work with WebSockets. But this is slightly misleading. I wonder if this could be clarified?

Page URL

https://learn.microsoft.com/en-us/aspnet/core/signalr/authn-and-authz?view=aspnetcore-8.0

Content source URL

https://github.com/dotnet/AspNetCore.Docs/blob/main/aspnetcore/signalr/authn-and-authz.md

Document ID

6d8f5bc8-8f5c-ba13-b7f2-0366eac46f81

Article author

@bradygaster

Metadata

Metadata

Assignees

No one assigned

    Labels

    SignalRSource - Docs.msDocs Customer feedback via GitHub Issueaspnet-core/svcaspnetcore-signalr/subsvcre-Aditya@adityamandaleeka must review

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions