authenticate connections using JWTs

npm install socketio-jwt
11 downloads in the last day
50 downloads in the last week
275 downloads in the last month

Authenticate incoming connections with JWTs. This is useful if you are build a single page application and you are not using cookies as explained in this blog post: Cookies vs Tokens. Getting auth right with Angular.JS.


npm install socketio-jwt

Example usage

// set authorization for
  .on('connection', socketioJwt.authorize({
    secret: 'your secret or public key',
    timeout: 15000 // 15 seconds to send the authentication message
  }).on('authenticated', function(socket) {
    //this socket is authenticated, we are good to handle more events from it.
    console.log('hello! ' +;

Client side:

var socket = io.connect('http://localhost:9000');
socket.on('connect', function (socket) {
    .on('authenticated', function () {
      //do other things
    .emit('authenticate', {token: jwt}); //send the jwt

One roundtrip

The previous approach uses a second roundtrip to send the jwt, there is a way you can authenticate on the handshake by sending the JWT as a query string, the caveat is that intermediary HTTP servers can log the url.

var io            = require("")(server);
var socketioJwt   = require("socketio-jwt");

// set authorization for
io.set('authorization', socketioJwt.authorize({
  secret: 'your secret or public key',
  handshake: true

io.on('connection', function (socket) {
  console.log('hello! ',;

For more validation options see auth0/jsonwebtoken.

Client side:

Append the jwt token using query string:

var socket = io.connect('http://localhost:9000', {
  'query': 'token=' + your_jwt


You are always welcome to open an issue or provide a pull-request!

Also check out the unit tests:

npm test


Licensed under the MIT-License. 2013 AUTH10 LLC.

npm loves you