Include custom metadata in WebSocket connection

[Codebreaker101]

Proposed change

Add a way to include custom metadata that is sent to NATS server during websocket connection and that is forwarded to auth callout service.

Use case

In my app I have an account and that account can have or belong to several projects.
When a user selects a project a WebSocket connection is initiated and authenticated using Auth Callout.

I know what account initiated the connection due to the new TokenCookie option that is set to the name of the session cookie.
Now I need to know what project it is so that I can correctly name subjects in the permissions.
To be able to do that I need to send to the server ID of the project. I could use a name field in the connect options but it is not designed for that purpose.

I hear you saying Why not just allow access to all projects? I am doing that currently but a user can have any number of projects, which could be 1 or 1000 and that JWT would be huge if it comes to that. And I am sure that there is a limit on the size.

Contribution

No response

[derekcollison]

Connections can (and is considered best practice) to have names. They should be passed to the auth callout as well.

[Codebreaker101]

So for my suggested use case I should (and is recommended to) use project ID as a connection name?
In case one would need any additional metadata included when authenticating, they should just concatenate a string or possibly use json in the name field?

[derekcollison]

Yes we suggest naming all connections. If you need additional fields you could use the token field.