WebSocket JWT令牌连接授权

I am trying to make a websocket connection to a URL(python client) which needs to have a jwt token passed in and the server(implemented in GO) listens to this request on and is supposed to authenticate by parsing the token.

I try to use this part of the code to make the request -

def test_auth_token(token)
    conn = create_connection("ws://<IP>:port"+ '/'+ container.uuid + '?token='+token)
    result = conn.recv()
    assert result is not None

This request hits the server which runs this code to validate this request

func ParseFromRequest(req *http.Request, keyFunc Keyfunc) (token *Token, err error) {

// Look for an Authorization header
if ah := req.Header.Get("Authorization"); ah != "" {
    // Should be a bearer token
    if len(ah) > 6 && strings.ToUpper(ah[0:6]) == "BEARER" {
        return Parse(ah[7:], keyFunc)

// Look for "access_token" parameter
if tokStr := req.Form.Get("access_token"); tokStr != "" {
    return Parse(tokStr, keyFunc)

return nil, ErrNoTokenInRequest


Every time, I am getting the "ErrNoTokenInRequest" output despite I am passing the token as a query parameter. The server side token validation is being done by this external library which contains the above GO Routine - https://github.com/dgrijalva/jwt-go/blob/master/jwt.go

I am not sure, what could be the possible reasons that server doesn't find the token sent in my client? Is it supposed to be sent as payload or headers or something else? Could someone point to get this module working?

With "access_token" as query parameter i get this exception -

self = <websocket._core.WebSocket object at 0x10a15a6d0>
host = 'x.x.x.x.', port = 9345
resource = '/v1/stats/fff51e85-f2bb-4ace-8dcc-fde590932cca?access_token=eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE0MjIxMzEyMzUsInN1YiI6ImNh...vxvBmtZRrUTY5AcvrjbojXqLxFHL_CMsmTZfTXhOiy-7W2V95bqts2Wy4R8oQvsfDylYJWCBTzZNKHvPVFpcl0jQKLm1ms-LOJg1w-k23VfojZucPGtY5A'
options = {}
headers = ['GET /v1/stats/fff51e85-f2bb-4ace-8dcc-fde590932cca?access_token=eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE0MjIxMzEyMzUsInN1YiI... 'Host: x.x.x.x.:9345', 'Origin: http://x.x.x.x.:9345', 'Sec-WebSocket-Key: BN1n2BcCT/CUGh9MHeyL5g==', ...]
key = 'BN1n2BcCT/CUGh9MHeyL5g=='
header_str = 'GET /v1/stats/fff51e85-f2bb-4ace-8dcc-fde590932cca?access_token=eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE0MjIxMzEyMzUsInN1YiI6...3:9345
Sec-WebSocket-Key: BN1n2BcCT/CUGh9MHeyL5g==
Sec-WebSocket-Version: 13
dongyanpai2701 让我们继续聊天中的讨论。
5 年多之前 回复


Quite simply the serve does not expect the token to be handed over as a query parameter but instead expects it to be included in the headers of the request.

Example using the websocket library from https://github.com/liris/websocket-client

def test_auth_token(token)
    header="Authorization: BEARER " + str(token)
    conn = create_connection("ws://<IP>:port"+ '/'+ container.uuid", header)
    result = conn.recv()
    assert result is not None
Csdn user default icon