Authorization is not available about fable.signalr HOT 6 CLOSED

This should now be resolved, see the new docs page that outlines how it works. I've tested this and was able to authenticate and authorize a SignalR hub connection with a bearer token.

Feel free to re-open if you have any more issues!

from fable.signalr.

I made a branch to test out authorization called auth. I can get it to properly print if the user identity is authenticated, but it doesn't seem to prevent it from calling the hub methods. It doesn't seem like the authorization attribute is doing anything at all.

I pretty much only write internal stuff at work so I don't have much experience with this subject. If you find something out that I'm missing to get this to work please let me know and I can make the changes necessary (or you can submit a PR if you want!).

from fable.signalr.

Well, yes, if you create your own IIdentity and fill it with data in JwtBearerEvents.OnMessageReceived, then it will work. But by default ASP services do it themselves, so I don't need to create my own validator, etc, if I use the [<Authorize>] attribute.

from fable.signalr.

What I'm trying to understand is I can't get it to block the access to the hub despite doing that and intentionally making it fail with the [<Authorize>] attribute.

from fable.signalr.

I try to use this library with my own application and even there I ran into an authorization problem that I wasted a lot of time on. But when I added .AddIdentity() strictly before .AddAuthentication() and .AddAuthorization(), everything worked. Maybe this will help in your code too.

from fable.signalr.

Ah I see, I'll try that out. Do you know if there are any downsides to simply adding the [<Authorize>] attributes like you suggested? I wouldn't want to break functionality in some other way... is it possible to apply authorize somewhere outside of the library to achieve this?

from fable.signalr.