## MODIFIED Requirements
### Requirement: Secure WebSocket Authentication
The system SHALL authenticate WebSocket connections without exposing tokens in URL query parameters.
#### Scenario: WebSocket connection with token in first message
- **WHEN** client connects to WebSocket endpoint without a query token
- **THEN** server waits for an authentication message containing a JWT token
- **THEN** server validates token before accepting further messages
- **THEN** server sends an authentication acknowledgment message
#### Scenario: WebSocket connection with invalid token
- **WHEN** client sends an invalid or expired token
- **THEN** server sends an error message indicating invalid or expired token
- **THEN** server closes the connection with an authentication error code
#### Scenario: WebSocket connection timeout without authentication
- **WHEN** client connects but does not send authentication within 10 seconds
- **THEN** server closes the connection with an appropriate error code
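
One way a server-side gate could satisfy the three scenarios above, as an added example that is not this project's own code. It assumes HS256 tokens with a shared key, a first message shaped `{"type": "auth", "token": "..."}`, close codes 4401 and 4408 from the private-use range, and a hypothetical `ws` object exposing `recv`, `send` and `close` coroutines; all function and message names are illustrative.

```python
import asyncio, base64, hashlib, hmac, json, time

AUTH_TIMEOUT = 10          # seconds, from the timeout scenario
CLOSE_AUTH_FAILED = 4401   # assumed code, private-use range 4000-4999
CLOSE_AUTH_TIMEOUT = 4408  # assumed code, private-use range 4000-4999

def b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))
def b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def sign_hs256(claims, key):  # builds constructed demo tokens only
    head, body = (b64e(json.dumps(x).encode()) for x in ({"alg": "HS256", "typ": "JWT"}, claims))
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64e(sig)}"

def verify_hs256(token, key):
    """Return the claims, or raise ValueError on a malformed, forged or expired token."""
    head, body, sig = token.split(".")       # wrong part count raises ValueError
    header = json.loads(b64d(head))
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")   # pin the algorithm, never trust the header
    good = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(good, b64d(sig)):
        raise ValueError("bad signature")
    claims = json.loads(b64d(body))
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if not isinstance(exp, (int, float)) or exp <= time.time():
        raise ValueError("expired or missing exp")
    return claims

async def authenticate(ws, key, timeout=AUTH_TIMEOUT):
    """Gate a new connection: return claims on success, None after closing it."""
    try:
        raw = await asyncio.wait_for(ws.recv(), timeout)
    except asyncio.TimeoutError:
        await ws.close(CLOSE_AUTH_TIMEOUT, "authentication timeout")
        return None
    try:
        msg = json.loads(raw)
        if not isinstance(msg, dict) or msg.get("type") != "auth":
            raise ValueError("first message must be auth")
        claims = verify_hs256(str(msg.get("token", "")), key)
    except ValueError:
        await ws.send(json.dumps({"type": "auth_error", "reason": "invalid or expired token"}))
        await ws.close(CLOSE_AUTH_FAILED, "authentication failed")
        return None
    await ws.send(json.dumps({"type": "auth_ok"}))
    return claims
```

The caller should process application messages only after `authenticate` returns claims, so nothing is handled on an unauthenticated socket.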