Skip to content

docs(websockets): add JWT connection authentication guide#3463

Open
faizkhairi wants to merge 2 commits into
nestjs:masterfrom
faizkhairi:docs/websocket-jwt-authentication
Open

docs(websockets): add JWT connection authentication guide#3463
faizkhairi wants to merge 2 commits into
nestjs:masterfrom
faizkhairi:docs/websocket-jwt-authentication

Conversation

@faizkhairi

@faizkhairi faizkhairi commented Jun 27, 2026

Copy link
Copy Markdown

PR Checklist

Please check if your PR fulfills the following requirements:

PR Type

What kind of change does this PR introduce?

  • Docs

What is the current behavior?

The WebSockets Guards page documents @UseGuards() on @SubscribeMessage() handlers only. It does not explain how to authenticate clients during the initial Socket.IO handleConnection() handshake.

Related discussion: nestjs/nest#882

Issue Number: N/A

What is the new behavior?

Adds an Authenticating connections section to content/websockets/guards.md covering:

  • Why connection-time auth differs from message-scoped guards
  • Verifying a JWT from handshake.auth or the Authorization header
  • Disconnecting invalid clients in handleConnection()
  • Joining user-specific rooms after verification
  • A matching socket.io-client example

Does this PR introduce a breaking change?

  • No

Other information

Verified locally:

npm run docs-only

Result: docs generated successfully (includes updated websockets/guards page).

Examples follow existing @@filename / @@switch conventions used elsewhere in the docs repo.

Document validating JWT credentials in handleConnection for socket.io
handshakes, including client auth example and room assignment pattern.
Required when guards.md uses named filename code blocks;
fixes Netlify deploy preview build failure on PR nestjs#3463.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant