PROJECT-CONTORL/openspec/changes/update-api-consistency/specs/user-auth/spec.md
beabigegg 2cb591ef23 spec: update api consistency
Align optimistic locking conflict payload, update websocket docs, and adjust tests.
2026-01-11 16:54:28 +08:00

MODIFIED Requirements

Requirement: Secure WebSocket Authentication

The system SHALL authenticate WebSocket connections without exposing tokens in URL query parameters.

Scenario: WebSocket connection with token in first message

  • WHEN client connects to WebSocket endpoint without a query token
  • THEN server waits for an authentication message containing a JWT
  • THEN server validates token before accepting further messages
  • THEN server sends an authentication acknowledgment message

Scenario: WebSocket connection with invalid token

  • WHEN client sends an invalid or expired token
  • THEN server sends an error message indicating invalid or expired token
  • THEN server closes the connection with an authentication error code

Scenario: WebSocket connection timeout without authentication

  • WHEN client connects but does not send authentication within 10 seconds
  • THEN server closes the connection with appropriate error code