That provides only a small part of the whole authentication scheme,
though: given that a WebSocket can potentially live for a very long time
(hours, or even days), it's likely that a session might expire during
the lifetime of the socket connection. So, this connection has to be
"somehow" refreshed or killed.
What do you mean by session expiring (which session)?
If the WS-client goes away, the server will see an event for it.
What may possibly be more a cause for concern is that a Hawkular user may
have a WS-connection open and the user is removed from the user
database. In this case we may want to invalidate all tokens/grants and
also forcefully disconnect the WS.
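
The two cases raised in this thread (a session expiring while its socket stays open, and a user being removed while connected) can be handled by one server-side registry. This is an added example, not Hawkular code and not part of the original messages; `SocketRegistry`, `FakeSocket` and all method names are hypothetical, and `FakeSocket` stands in for a real WebSocket connection.

```python
import time
from collections import defaultdict

POLICY_VIOLATION = 1008  # RFC 6455 close code for a policy violation


class FakeSocket:
    """Stand-in for a real WebSocket connection (constructed for this example)."""
    def __init__(self):
        self.closed_with = None

    def close(self, code, reason):
        self.closed_with = (code, reason)


class SocketRegistry:
    """Ties each open socket to the user and token that authenticated it."""
    def __init__(self, clock=time.time):
        self._clock = clock
        self._socks = defaultdict(dict)  # user -> {socket: (token, expires_at)}
        self.revoked = set()             # tokens that must never be accepted again

    def attach(self, user, token, expires_at, sock):
        """Initial login, or a refresh sent over an already open socket."""
        if token in self.revoked or expires_at <= self._clock():
            sock.close(POLICY_VIOLATION, "invalid token")
            return False
        self._socks[user][sock] = (token, expires_at)
        return True

    def sweep(self):
        """Run periodically: kill sockets whose session was not refreshed in time."""
        now, closed = self._clock(), 0
        for socks in self._socks.values():
            for sock, (_, expires_at) in list(socks.items()):
                if expires_at <= now:
                    del socks[sock]
                    sock.close(POLICY_VIOLATION, "session expired")
                    closed += 1
        return closed

    def remove_user(self, user):
        """User deleted: revoke the tokens in use and disconnect every socket."""
        socks = self._socks.pop(user, {})
        for sock, (token, _) in socks.items():
            self.revoked.add(token)
            sock.close(POLICY_VIOLATION, "user removed")
        return len(socks)
```
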