I am sorry for the long delay.
It has been the last deadline weeks of the projekt I’ve been working on. But now it is finished! .
So I can once again fully concentrate on Resgate again
True that auth is not mapped to any HTTP method (like get -> GET and call -> CALL).
And because Resgate does not allow you to set cookies (yet! This is something I plan to prioritize as I am also in need of that capability), the only way to get a logged in session is by creating an ordinary non-Resgate HTTP login where the cookie is set.
The set cookie can then be used for authentication with the headerAuth setting.
Modifying the previous websequence diagram:
The difference is that I added the login call at the top, a HTTP request which goes directly to authservice.
To avoid having two ways of logging in (both the
auth.authservice.login RES request handler for WebSockets, and the
/login HTTP request handler for HTTP), I’ve found it easier to just use HTTP to login, and then have a
auth.authservice.jwt header authentication handler used both for WebSocket and HTTP requests to Resgate.
But as said, I wish to make it possible to do this purely using Resgate.