You are currently viewing documentation for version 3.0 which is nota long-term support release.
The latest long-term support release is version 2.6
Use Authentication and Authorization in WebSocket Connections¶
Despite the fact that WebSocket connections can be used to distribute messages to all site visitors independently of
their roles and permissions (e.g., to notify all visitors about new publications in the Company News section), in most
cases WebSocket messages are intended for a limited number of users that have appropriate permissions or interests to
publish or view messages in a particular topic.
To achieve this requirement, OroSyncBundle provides mechanisms for automatic client authentication.
All clients receive authentication tickets at the beginning of the connection. Before connecting, the client must
receive the connection ticket and pass it as the ticket query parameter in the connection URL.
For the frontend clients, the authentication ticket can be received by calling the POST request to the oro_sync_ticket
route. The response to this request is the JSON object with a ticket field containing a one-time authentication