sagnik Posted May 23 Share Posted May 23 (edited) Hi, I'm creating a social media with a real-time chat application using PHP WebSocket, the basic functionalities are working properly but I need to implement some other features as well. So I need help with the following related to the chat application: Login to the WebSocket using the credentials users use to log into the social media. Allow users to chat with their friends only. Identify users from the database using their ID and fetch data from the database. Show online/offline status based on the WebSocket. Show if a message is pending/sent/delivered/seen status. Show typing notification to the other user. I'm attaching a screenshot of the chat screen: Edited May 23 by sagnik Added another reason Quote Link to comment Share on other sites More sharing options...
Haradion Posted June 6 Share Posted June 6 Logins via social media are usually done using OAuth and OpenID Connect, which can be non-trivial to implement. For development purposes, as long as you're just testing on your own computer, I'd recommend building a mock login flow that just takes a username. It would be far too insecure to expose to the public Internet, but it would give you an opportunity to work out your database layer, which will be required for OAuth anyway. Quote Link to comment Share on other sites More sharing options...
sagnik Posted June 7 Author Share Posted June 7 Thanks for the advice, but the service has its login service, which uses SSO but the problem is handling the sessions within the WebSocket server for multiple clients. Quote Link to comment Share on other sites More sharing options...
Haradion Posted Thursday at 03:41 PM Share Posted Thursday at 03:41 PM First of all, sorry about the slow response. I was expecting to get a notification e-mail, but it turns out that I needed to adjust my settings for that to happen. So, it sounds like you've got an external SSO provider of some kind. Is it based on OAuth/OpenID Connect or on some other SSO protocol? For OAuth, if you have access to self-encoded access tokens, those can be relatively straightforward to validate without having to track too much session-related state in your own database. Since you mentioned social media logins, I'm going to guess they probably do use self-encoded access tokens since that's common for services that operate at a very large scale. For the database layer, is there already a specific database you're looking at using? Quote Link to comment Share on other sites More sharing options...
sagnik Posted Friday at 04:22 AM Author Share Posted Friday at 04:22 AM The platform doesn't use any third-party service. The SSO is also its own which I've developed. Quote Link to comment Share on other sites More sharing options...
Haradion Posted Saturday at 06:11 AM Share Posted Saturday at 06:11 AM (edited) OK, if you've already got SSO sorted out, is your first question about how to handle authentication specifically when you're opening the WebSocket connection? On 5/23/2024 at 7:37 AM, sagnik said: Login to the WebSocket using the credentials users use to log into the social media. Edited Saturday at 05:36 PM by Haradion Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.