|
|
|
|
|
|
by osigurdson
432 days ago
|
|
|
My issue with eventsource is it doesn't use standard auth. Including the jwt in a query string is an odd step out requiring alternate middleware and feels like there is a high chance of leaking the token in logs, etc. I'm curious though, what is your solution to this? Secondly, not every client is a browser (my OpenAI / fine tune example is non-browser based). Finally, I just don't like the idea of things failing all time with something working behind the scenes to resolve issues. I'd like errors / warnings in logs to mean something, personally. >> I don't understand the advantages of recreating SSE yourself like this vs just using SSE This is more of a strawman and don't plan to implement it. It is based on experiences consuming SSE endpoints as well as creating them. |
|
|
Cookies work fine, and are the usual way auth is handled in browsers.
> Secondly, not every client is a browser (my OpenAI / fine tune example is non-browser based).
That's fair. It still seems easier, to me, to save any browser-based clients some work (and avoid writing your own spec) by using existing technologies. In fact, what you described isn't even incompatible with SSE - all you have to do is have the server close the connection every 60 seconds on an otherwise normal SSE connection, and all of your points are covered except for the auth one (I've never actually seen bearer tokens used in a browser context, to be fair - you'd have to allow cookies like every other web app).