Skip to main content
New protocol version released: This page may contain outdated information.
The HAIP Server uses JWT (JSON Web Tokens) for authentication, providing secure, stateless authentication for all client connections.

JWT Authentication

Secure token-based authentication

Session Management

Per-client session tracking and management

Token Validation

Automatic token validation and expiry checking

User Identification

Extract user information from tokens

JWT Configuration

Basic Configuration

Environment Variables

Security Best Practices

Token Structure

JWT Payload

Required Claims

  • userId: Unique identifier for the user
  • iat: Issued at timestamp
  • exp: Expiration timestamp

Optional Claims

  • iss: Issuer (default: “haip-server”)
  • aud: Audience (default: “haip-client”)
  • sub: Subject (user ID)
  • jti: JWT ID (unique identifier)

Client Authentication

WebSocket Authentication

SSE Authentication

HTTP Streaming Authentication

Token Generation

Server-Side Token Generation

Token Validation

Session Management

Session Creation

When a client connects with a valid token, the server automatically creates a session:

Session Tracking

Session Cleanup

Sessions are automatically cleaned up when clients disconnect:

Error Handling

Authentication Errors

Client-Side Error Handling

Token Refresh

Client-Side Token Refresh

Security Considerations

1. Secure Token Storage

2. Token Rotation

3. Rate Limiting

4. HTTPS in Production

Monitoring and Logging

Authentication Events

Authentication Statistics

Testing Authentication

Generate Test Tokens

Test Authentication

Next Steps