I need to authenticate socket.io client connections with the client's username, password and additionally with developer password (developer password is used to ensure that the service is only used by the apps developed by registered developers).
The problem is, developer password should not be seen by the application's user or the client. Is there a way to authenticate the user with client username, password and additionally developer password, without client knowing the developer password? Any help is greatly appreciated.
Thanks.
Checkout this blog post: http://blog.bigpanda.io/session-based-socket-io-authorization/. The guidelines there combined with what Nitzan suggested in his last answer should do the trick.