
Authentication in WebSocket connections in Express - Mini Project: Build & Apply

Authentication in WebSocket connections
📖 Scenario: You are building a chat server using Express and WebSocket. To keep the chat safe, you want to check if users are allowed to connect before letting them join the chat.
🎯 Goal: Build a simple Express server that accepts WebSocket connections only if the client sends a correct token in the connection URL query.
📋 What You'll Learn
Create an Express server with WebSocket support
Check for a token in the WebSocket connection URL query
Allow connection only if the token matches a preset secret
Close the connection if the token is missing or wrong
💡 Why This Matters
🌍 Real World
WebSocket authentication is important in real-time apps like chat, games, or live updates to ensure only authorized users connect.
💼 Career
Understanding how to secure WebSocket connections is a key skill for backend developers working on real-time web applications.
Step 1: Set up Express server and WebSocket
Create an Express server and set up a WebSocket server using the ws library. Store the server in a variable called server and the WebSocket server in a variable called wss.
Hint:
Use http.createServer(app) to create the server and pass it to new WebSocket.Server.

Step 2: Define the secret token
Create a constant variable called SECRET_TOKEN and set it to the string "mysecrettoken123".
Hint:
Use const SECRET_TOKEN = "mysecrettoken123"; to define the token.

Step 3: Check token on WebSocket connection
Add a wss.on('connection', (ws, request) => { ... }) event listener. Inside it, get the token from request.url query string using new URL(request.url, 'http://localhost'). Then check if the token equals SECRET_TOKEN. If not, close the WebSocket connection with ws.close().
Hint:
Use new URL(request.url, 'http://localhost') to parse the URL and get the token with searchParams.get('token').

Step 4: Start the server listening
Add server.listen(3000) to start the server on port 3000.
Hint:
Use server.listen(3000) to start the server on port 3000.
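
Added example, not part of the original tutorial: the step 3 token check written as a standalone function that uses only Node built-ins, so it runs without express or ws installed. The helper names isAuthorized and tokensMatch are assumptions; the code goes beyond the tutorial's plain equality check by comparing in constant time and by rejecting a missing, repeated or unparseable token.

```javascript
const crypto = require("node:crypto");

const SECRET_TOKEN = "mysecrettoken123"; // value from step 2 of the tutorial

// Compare two strings without revealing, through response timing, how many
// leading characters matched. Hashing first yields equal-length buffers,
// which crypto.timingSafeEqual requires.
function tokensMatch(candidate, expected) {
  const a = crypto.createHash("sha256").update(candidate, "utf8").digest();
  const b = crypto.createHash("sha256").update(expected, "utf8").digest();
  return crypto.timingSafeEqual(a, b);
}

// isAuthorized is a hypothetical helper name. requestUrl is request.url from
// the 'connection' event; it holds only the path and query string, which is
// why a base URL is supplied when parsing it.
function isAuthorized(requestUrl, expected = SECRET_TOKEN) {
  let url;
  try {
    url = new URL(requestUrl, "http://localhost");
  } catch {
    return false; // request target that cannot be parsed
  }
  const tokens = url.searchParams.getAll("token");
  if (tokens.length !== 1) return false; // missing or repeated parameter
  return tokensMatch(tokens[0], expected);
}

// Wiring into the tutorial's server (wss comes from step 1):
//   wss.on('connection', (ws, request) => {
//     if (!isAuthorized(request.url)) { ws.close(); return; }
//     // authorized: attach message handlers here
//   });

// Constructed sample request targets, paired with the decision for each.
function demo() {
  return [
    "/?token=mysecrettoken123",
    "/?token=wrong",
    "/chat",
    "/?token=mysecrettoken123&token=x",
    "//",
  ].map((u) => [u, isAuthorized(u)]);
}

console.log(demo());
```

The early return after ws.close() matters: without it, handlers registered later in the callback would still be attached to a socket that failed the check.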