0

I'm trying to make a RPC call to a deepstream server, which require authentication, here is the config:

#Authentication
auth:
    type: http
    options:
        endpointUrl: http://localhost:3000/auth-user
        permittedStatusCodes: [ 200 ]
        requestTimeout: 500

And here is the permissions:

rpc:
    "*":
       provide: true
       request: true

The authentication is working fine. But when I try to make a RPC call before calling

client.login()

I keep getting this error: ACK_TIMEOUT, and looking on the websocket frames it doesn't seems that frames/data are sent to the server, is there some client side validation forbidding any interaction with the server before the login call? Is there a way to make an anonymous RPC call then make the login?

Rafael Gondim
  • 5
  • 2
  • 3

1 Answers1

0

deepstream does block all calls before authentication - even for public connections it's required to call login with null or empty arguments first. You could however create a public/open user that the http auth server allows through to make the initial RPC, then immediately disconnect and reconnect with the proper credentials

wolframhempel
  • 1,094
  • 10
  • 12
  • I've tried the login with null, but I'm getting INVALID_AUTH_DATA, should It be configured some where? (to allow anonymous login and authentication) – Rafael Gondim Dec 07 '16 at 17:09
  • In fact a call of login() with no arguments is foward to de HTTP authentication server, so I'm allowing a login without credentials, and enforcing some restriction policies using the permissions.yml – Rafael Gondim Dec 07 '16 at 19:13
  • with null you would also need to provide a callback, e.g. `.login(null, (success, errorCode, error)=>{})` - all calls are forwarded to the http auth server as quite often you want to read connectiondata, e.g. cookies from a header rather than user credentials. Just make sure that the auth server allows these calls to pass, but heavily restricts what they can do as you've mentioned above – wolframhempel Dec 08 '16 at 11:28