A non-traditional access service that leverages websockets to provide user authentication

Usage no npm install needed!

<script type="module">
  import websocketAccessService from 'https://cdn.skypack.dev/websocket-access-service';


Websocket Access Service

A non-traditional access service that leverages websockets to provide user authentication.

NPM version Build Status Dependency Status


The Websocket Access Service uses tokenized gated messaging and shared keys to accept or deny access to resources. It is designed to be used with an existing multi-channel messaging hub like node-messaging-commons but will work with other messaging systems as well.



    npm install websocket-access-service --save


The project includes a "browser" folder with enough to create a small authentication page. Once a user enter's their password, it is set then "authenicate" is called. If the backend services are up, then all should work as expected.

Here is a short snippet of the browser code:

<!DOCTYPE html>
    <title>test access page</title>
    <script src="browser-messaging-commons.js"></script>
    <script src="hmac-sha256.js"></script>
    <script src="AccessClient.js"></script>
        var client;

        var accessClickHandler = function() {
            // set the password as entered by the user
            client.setUserAccessKey( 'fire-fighter3' );

            // start the websocket process

        var startAccessClient = function() {
            // simulate finding a user with an active session
            var opts = {};
            opts.user  = {

            // create the access client instance with user object
            client = AccessClient.createInstance( opts );

            // make available for debugging
            window.client = client;

Client Authentication

The AccessClient class does the work of creating the approprate channels and makeing the requests. Here are the steps...

  • prompt for and set the plain text password
  • create consumer access channel
  • create private producer channel
  • wait for access token and send request to listen on private channel
  • broadcast data on private channel
  • wait for response (with timeout)
  • on ready response, send the encoded password (hash)
  • on response, close the private channel
  • on positive response, do action A
  • on negative response, do action B
  • on timeout, exit with error


The project includes a "bin" folder with a run/start/stop and status scripts. The run script is the same as start, but it runs in the forgound. It looks something like this:

    var config = require('./config.json'),
        AccessService = require('websocket-access-service'),
        service = AccessService.createInstance( config );


If you have a message service running on this port, then this is enough to start the public producer channel to periodically send out access tokens (one per second). To create and start a generic message service, see this commons project.


Here is a sample configuration file.

    "channels":[ "/access" ],

You would want to have a proxy and preferrably HTTPS in front of this but port 29169 works for development.

Sample User List

The project inclues a very basic sample of access users. You would generate and plug in your own keys through some other process.



Unit tests include should/specs, jshint and validate-package. Tests can be run from the command line with this:

    make test


    make watch


    grunt mochaTest jshint validate-package

Copyright © 2014-2015, rain city software | Version 0.90.25