authenticate connections using JWTs

npm install socketio-jwt
6 downloads in the last day
48 downloads in the last week
269 downloads in the last month

Authenticate incoming connections with JWTs. This is useful if you are build a single page application and you are not using cookies as explained in this blog post: Cookies vs Tokens. Getting auth right with Angular.JS.


npm install socketio-jwt

Example usage

// set authorization for
  .on('connection', socketioJwt.authorize({
    secret: 'your secret or public key',
    timeout: 15000 // 15 seconds to send the authentication message
  }).on('authenticated', function(socket) {
    //this socket is authenticated, we are good to handle more events from it.
    console.log('hello! ' +;

Client side:

var socket = io.connect('http://localhost:9000');
socket.on('connect', function (socket) {
    .on('authenticated', function () {
      //do other things
    .emit('authenticate', {token: jwt}); //send the jwt

One roundtrip

The previous approach uses a second roundtrip to send the jwt, there is a way you can authenticate on the handshake by sending the JWT as a query string, the caveat is that intermediary HTTP servers can log the url.

var io            = require("")(server);
var socketioJwt   = require("socketio-jwt");

// set authorization for
io.set('authorization', socketioJwt.authorize({
  secret: 'your secret or public key',
  handshake: true

io.on('connection', function (socket) {
  console.log('hello! ',;

For more validation options see auth0/jsonwebtoken.

Client side:

Append the jwt token using query string:

var socket = io.connect('http://localhost:9000', {
  'query': 'token=' + your_jwt


You are always welcome to open an issue or provide a pull-request!

Also check out the unit tests:

npm test


Licensed under the MIT-License. 2013 AUTH10 LLC.

npm loves you