why deepstreamHub? compare us getting started feature roadmap faq
use cases pricing
products
developers
company
blog contact

Token based authentication is becoming popular for authentication in modern micro service architectures and programatic access across a host of technologies ranging from PHP to Lambda. In this guide, we'll learn how to implement this in deepstream. Before we move forward, its important to note that token based authentication is currently available only on deepstreamHub. We also have something called session tokens but these are shortlived tokens which are valid only for a duration of 24 hrs from the time they were created. Feel free to read more about how to implement them, here

On your dashboard

If you open up the dashboard for your application, you'll find an option to enable token auth. It is disable by default.

token-auth

Next, add a token by giving it a name and optionally some client and server data. The client data will be sent back to the client to be utilised within the application logic, whereas the server data will be associated with the particular client but shall remain in the server. The server data can be used for some security purposes using the permissioning feature.

adding-token

After you have added a token with the above data, deepstream will generate a unique token. This is the token that your user will use in order to log into deepstream without having to provide any additional credentials each time.

In your client

Now lets see how we can use this token to log into deepstream.

Like any other authentication mechanism in deepstream, you first need to establish a connection to the deepstream server. Next, call the login method on the client and pass the authentication parameters, which in this case, is just the token.

Include the source file in your HTML file.

<script src="https://code.deepstreamhub.com/js/latest/deepstream.min.js"></script>

In your script, connect to deepstream and call login, as shown below:

// Connect to deepstreamHub
var client = deepstream('<YOUR APP URL')

client.login({
      //you only need to pass the token in auth params
      token: '<YOUR TOKEN GENERATED ON THE DASHBOARD>'
  }, function(success, data) {
      if (success) {
         //success is true
         //data contains {"favColor":"blue","username":"bob"}
      } else {
        // user login failed
      }
  })

That's it ! Your client can now log into your deepstream application using just a token.