JaduSpine Authentication
Overview
JaduSpine uses JWT authentication with Centrifugo. Your backend generates a token, the frontend passes it to the SDK, and Centrifugo validates it.
JWT Requirements
Your backend must generate a JWT with the following claims:

    {
      sub: string,  // Required: User ID
      exp: number,  // Required: Expiration (Unix timestamp in seconds)
      iat?: number  // Optional: Issued at
    }

Sign it with the HS256 algorithm using your JADU_SPINE_JWT_SECRET.
Secret Key Setup
Critical: Use the same secret in both places:

- Backend (token generation):

      JADU_SPINE_JWT_SECRET=your-secret-key

- Centrifugo (config.json):

      { "client": { "token": { "hmac_secret_key": "your-secret-key" } } }
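Token Generation Example

    import { SignJWT } from "jose";

    // Server-side only: anyone who holds this HMAC secret can sign valid tokens.
    const secret = new TextEncoder().encode(process.env.JADU_SPINE_JWT_SECRET);

    // userId is the ID of the user your backend has already authenticated.
    const token = await new SignJWT({ sub: userId })
      .setProtectedHeader({ alg: "HS256" })
      .setIssuedAt()            // iat
      .setExpirationTime("1h")  // exp
      .sign(secret);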
Frontend Usage

    const spine = new JaduSpine({
      // Use wss:// in production so the token is not sent over an unencrypted connection.
      wsUrl: "ws://your-centrifugo-server/connection/websocket",
      token: jaduSpineToken, // From your auth endpoint
    });
    spine.connect();
Error Handling

    spine.onEvent((event) => {
      if (event.type === EventType.AUTH_ERROR) {
        // Token invalid/expired - redirect to login or refresh token
        console.error(event.error.code, event.error.message);
      }
    });
Common Issues

| Error | Cause | Fix |
|---|---|---|
| AUTH_TOKEN_INVALID | Secret mismatch | Ensure same secret in backend & Centrifugo |
| AUTH_TOKEN_EXPIRED | Token expired | Generate new token, implement refresh flow |
| AUTH_FAILED | Missing/malformed token | Check token is passed to SDK |
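
To reproduce the three rows above on the backend before deploying, the following added example (not JaduSpine's or Centrifugo's own code) mints an HS256 token with Node's built-in crypto and checks it against a secret. The function names, the sample secrets and the mapping of results onto the table's error names are assumptions made for illustration.

```javascript
// Load Node's crypto as CommonJS or as an ES module (ESM path needs Node 20.16+).
const nodeCrypto = typeof require === "function"
  ? require("node:crypto") : process.getBuiltinModule("node:crypto");

const b64url = (data) => Buffer.from(data).toString("base64url");
const hmac = (secret, data) => nodeCrypto.createHmac("sha256", secret).update(data).digest();

// Mint an HS256 token carrying the claims listed under "JWT Requirements".
function mintToken(secret, sub, ttlSeconds, now = Math.floor(Date.now() / 1000)) {
  const header = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const payload = b64url(JSON.stringify({ sub, iat: now, exp: now + ttlSeconds }));
  const signingInput = `${header}.${payload}`;
  return `${signingInput}.${b64url(hmac(secret, signingInput))}`;
}

// Check a token against a secret. The returned strings reuse the table's
// error names as labels only (an assumption, not the SDK's behaviour).
function checkToken(token, secret, now = Math.floor(Date.now() / 1000)) {
  const parts = typeof token === "string" ? token.split(".") : [];
  if (parts.length !== 3 || parts.some((p) => p === "")) return "AUTH_FAILED";
  const [header, payload, signature] = parts;
  let alg, claims;
  try {
    alg = JSON.parse(Buffer.from(header, "base64url")).alg;
    claims = JSON.parse(Buffer.from(payload, "base64url"));
  } catch {
    return "AUTH_FAILED";
  }
  // Pin the algorithm: the token header must not choose how it is verified.
  if (alg !== "HS256") return "AUTH_TOKEN_INVALID";
  const expected = hmac(secret, `${header}.${payload}`);
  const given = Buffer.from(signature, "base64url");
  // Constant-time comparison; timingSafeEqual throws on unequal lengths.
  if (given.length !== expected.length || !nodeCrypto.timingSafeEqual(given, expected)) {
    return "AUTH_TOKEN_INVALID";
  }
  if (!claims || typeof claims.sub !== "string" || typeof claims.exp !== "number") return "AUTH_FAILED";
  return claims.exp <= now ? "AUTH_TOKEN_EXPIRED" : "OK";
}

// Constructed sample values, not real secrets.
const backendSecret = "constructed-backend-secret";
const centrifugoSecret = "constructed-other-secret"; // deliberately different
const sampleToken = mintToken(backendSecret, "user-42", 3600, 1700000000);
console.log(checkToken(sampleToken, backendSecret, 1700000100));    // same secret
console.log(checkToken(sampleToken, centrifugoSecret, 1700000100)); // mismatched secret
console.log(checkToken(sampleToken, backendSecret, 1700003600));    // now equals exp
```

Running the same check with the value from Centrifugo's config.json as the second argument shows whether a failure comes from a secret mismatch or from expiry.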