Mattermost, Inc.

How to Pass Credentials to Websocket from external domain?


We have built an implementation of MM using the API inside our app; however, we cannot get the websocket connection authenticated. The websocket works as expected from inside the app if we actually log into Mattermost directly on the Mattermost server. I assume this is because logging into Mattermost on the server sets the cookie … but … we need to be able to pass the token / cookie from our app.

I have tried the following:

    var dataStream = $websocket('wss://' + $rootScope.mmToken);

    var dataStream = $websocket('wss://', $rootScope.bearerMMToken);

(I don't think you can pass headers to websocket, so not surprised this didn't work) …

Does anyone have any suggestions? This is quite urgent as we have a demo coming this Friday and this needs to work …

Thank you.


Hi @keithg,

New in Mattermost 3.5, you can authenticate your WebSocket by connecting and then providing the token in a JSON formatted authentication challenge over the WebSocket.

An example authentication challenge would look like this:

    {
        "seq": 1,
        "action": "authentication_challenge",
        "data": {
            "token": "mattermosttokengoeshere"
        }
    }

If the WebSocket authenticates correctly then you will receive a standard ok response looking like this:

    {
        "status": "OK",
        "seq_reply": 1
    }

All previous versions of Mattermost before 3.5 will require the token in the cookie. Mattermost 3.5 still supports authenticating through the cookie.
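
The exchange described in the reply above, as an added client-side sketch that is not part of the original post and not Mattermost's own client code. The function names `buildAuthChallenge`, `checkAuthReply` and `authenticateSocket` are hypothetical, `socket` is an already-open browser `WebSocket` for your server's endpoint, and treating any non-"OK" reply to our `seq` as a failure is an assumption.

```javascript
// Added example. The token travels in the first WebSocket frame rather than in
// the URL or a cookie, so it stays out of URL-based access logs.

// Build the challenge in the shape shown in the reply above.
function buildAuthChallenge(token, seq) {
  return JSON.stringify({
    seq: seq,
    action: "authentication_challenge",
    data: { token: token },
  });
}

// Classify an incoming frame relative to our challenge.
// Assumption: a reply to our seq whose status is not "OK" counts as a failure.
function checkAuthReply(raw, seq) {
  let msg;
  try {
    msg = JSON.parse(raw);
  } catch (e) {
    return "unrelated"; // not JSON, ignore it
  }
  if (msg === null || typeof msg !== "object" || msg.seq_reply !== seq) {
    return "unrelated"; // some other event, or a reply to a different request
  }
  return msg.status === "OK" ? "ok" : "failed";
}

// Send the challenge on an open socket and settle on the matching reply.
function authenticateSocket(socket, token, seq = 1, timeoutMs = 5000) {
  return new Promise((resolve, reject) => {
    const finish = (settle, value) => {
      clearTimeout(timer);
      socket.removeEventListener("message", onMessage);
      settle(value);
    };
    const onMessage = (event) => {
      const verdict = checkAuthReply(event.data, seq);
      if (verdict === "ok") finish(resolve, true);
      if (verdict === "failed") finish(reject, new Error("WebSocket authentication failed"));
    };
    const timer = setTimeout(
      () => finish(reject, new Error("no reply to authentication challenge")),
      timeoutMs
    );
    socket.addEventListener("message", onMessage);
    socket.send(buildAuthChallenge(token, seq));
  });
}
```

Call `authenticateSocket` from the socket's `open` handler, and only start acting on other events once the returned promise resolves.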

@jwilander Thank you for this update. This is great news and I will upgrade our server this evening and try this. Thank you.

Well … this seems to have solved my websocket problem … but it looks like many API calls have been deprecated because several of my calls are now returning 404 errors. Grrrr … looks like the evening will be all about finding and fixing those.

Hi @keithg,

Can you confirm that this issue is solved for you? Hope you managed to find and fix the API errors!