Skip to main content

Authentication & Authorization

Authentication & Authorization

Authentication & Authorization is centralized, based on OpenID Connect standards.

The PriceFeed WebSocket API uses centralized OpenID Connect Authentication & Authorization service.

To use/consume PriceFeed WebSocket API, your client applications and services have to authorize using security tokens retrieved from centralized Authorization Service (or Security Token Service).

You need to have WebSocket authentication token information to use WebSocket API.

If all your business contracts are done and your FIX API is set for use, then you’ll be given session and credential information.

Example TypeScript code block how you can add your access token information as Bearer token into Authorization header:

NOTE: This example also uses the following:

import { RxStompState } from '@stomp/rx-stomp';
// The message object for getting WebSocket data
import { Message } from '@stomp/stompjs';
// RxStompService for dealing with WebSocket STOMP on Angular (https://github.com/stomp-js/ng2-stompjs)
import { InjectableRxStompConfig, RxStompService } from '@stomp/ng2-stompjs';
// for OpenID Connect auth (https://github.com/damienbod/angular-auth-oidc-client)
import { OidcSecurityService } from 'angular-auth-oidc-client';

The configuration object that’s used in RxStompService should also be defined

// Define our WebSocket service configuration class
export const myRxStompConfig: InjectableRxStompConfig = {
// Which server?
brokerURL: "wss://price-feed-test.koala.markets/web-socket", // such as 'ws://localhost:8080/web-socket',

// Headers
// Typical keys: login, passcode, Authorization
connectHeaders: {}, // { Authorization: 'Bearer ' + 'my_jwt_access_token' },

// How often to heartbeat?
// Interval in milliseconds, set to 0 to disable
heartbeatIncoming: 0, // Typical value 0 - disabled
heartbeatOutgoing: 0, // Typical value 20000 - every 20 seconds

// Wait in milliseconds before attempting auto reconnect
// Set to 0 to disable
// Typical value 5000 (5 seconds)
reconnectDelay: 5000

// Will log diagnostics on console
// It can be quite verbose, not recommended in production
// Skip this key to stop logging to console
//debug: (msg: string): void => {
// console.log(new Date(), msg);
//}
};

Activating the RxStompService with configuration using the access token obtained from OpenID Connect Authorization Server

activateWebSocketWithStomp() {
// https://pretagteam.com/question/is-it-possible-to-catch-unauthorized-error-through-websocket-via-stompjs-ng2stomp
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// initialize the rxStompService for connection with JWT access_token obtained from OIDC Authorization Server //
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// create an empty headers object
const connectHeaders = {};
this.AuthorizationHeader = "Bearer" + " " + this.oidcSecurityService.getAccessToken();
// make that CSRF token look like a real header
connectHeaders["Authorization"] = this.AuthorizationHeader;
// put the CSRF header into the connectHeaders on the config
const config = { ...myRxStompConfig, connectHeaders: connectHeaders };
// configure the actual websocket service
this.rxStompService.configure(config);
// Activate the service
this.rxStompService.activate();
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
}

Note that WebSocket API requires that you connect with a secure communication channel.