Creating a secure chat application through web sockets

I am a college student trying to create a web chat application written in Dart over my winter break. I have a number of questions, both conceptual and specific.

So to start, I have the general UI of my application down; however, I am struggling with understanding how to add user accounts (authorization) to my app. I just can’t seem to wrap my head around how a client should authenticate itself with the server and then be able to continue to use that connection. Does it need to authenticate itself every time it sends a request to the server?

Currently this is what I am doing. I have a “Login with Google” button that will obviously log in with Google services, and from there I get a token that is good for one hour. This is all done client side so far.
Then, if the client has successfully logged in, the client will open a WebSocket connection with the server and send a message prefixed with /auth {"tokenData": tokenData} or something along those lines. That will send a message to the server, which will then decode the JSON and check the token with Google to ensure the token is valid and is the correct person connecting. If that is not true, then the WebSocket connection is closed with the client. If it is, then the WebSocket stays open for the chat. Handling the chat once a WebSocket is open is easy; I am just not sure about the authentication.

Is this a good method of doing authentication? If not, how should it be done? All of the guides that I read assume that I already know how authentication works and they do not explain how it should work for a beginner.

Thanks for taking the time to read this! Hope someone can help!
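
The flow described in the post, sketched as server-side per-connection state (an added example, not part of the original post): the first message must be `/auth {"tokenData": ...}`, and once it verifies, the identity is bound to the connection so later messages need no re-authentication. `Claims`, `TokenVerifier`, `ChatSession` and the fake verifier in `main` are hypothetical names; checking the token's audience and dropping the connection at token expiry are design choices assumed here.

```dart
import 'dart:convert';

// Hypothetical shape of what the server keeps after checking a token.
typedef Claims = ({String sub, String aud, DateTime exp});
// Hypothetical verifier: claims for a valid token, null otherwise.
typedef TokenVerifier = Future<Claims?> Function(String token);

// One instance per WebSocket connection.
class ChatSession {
  final TokenVerifier verify;
  final String clientId; // audience the token must have been issued for
  final void Function(String reason) close; // closes the socket
  Claims? _claims;
  ChatSession(this.verify, this.clientId, this.close);

  // Returns the sender's user id for a chat message to relay, else null.
  Future<String?> onMessage(String raw, DateTime now) async {
    final current = _claims;
    if (current == null) {
      // Before authentication only an /auth message is accepted.
      final token = _parseAuth(raw);
      final c = token == null ? null : await verify(token);
      final ok = c != null && c.aud == clientId && c.exp.isAfter(now);
      if (ok) _claims = c; // identity is now bound to this connection
      if (!ok) close('authentication failed');
      return null;
    }
    if (current.exp.isAfter(now)) return current.sub;
    close('token expired');
    return null;
  }

  String? _parseAuth(String raw) {
    if (!raw.startsWith('/auth ')) return null;
    try {
      final body = jsonDecode(raw.substring(6));
      final token = body is Map ? body['tokenData'] : null;
      return token is String && token.isNotEmpty ? token : null;
    } on FormatException { return null; }
  }
}

Future<void> main() async {
  final now = DateTime.utc(2024, 1, 1, 12); // constructed clock
  // Constructed stand-in for the real check against Google.
  Future<Claims?> fake(String t) async => t != 'good' ? null
      : (sub: 'user-1', aud: 'my-client-id', exp: now.add(const Duration(hours: 1)));
  final s = ChatSession(fake, 'my-client-id', (r) => print('closed: $r'));
  print(await s.onMessage('/auth {"tokenData": "good"}', now));
  print(await s.onMessage('hello', now));
}
```

In a server, `onMessage` would be called from the socket's message handler and `close` would close that socket; the sender's identity always comes from the verified claims, never from anything the client writes in a chat message.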
