Auth Bootstrap
Browser websocket clients can bootstrap cookie-based auth through /mdp/auth.
POST /mdp/auth
Request:
json
{
"auth": {
"token": "client-session-token"
}
}Response:
- status
204 No Content Set-Cookiecarrying the serialized auth context
If auth is omitted, the server falls back to transport auth extracted from request headers.
DELETE /mdp/auth
Response:
- status
204 No Content Set-Cookieclearing the auth cookie
Typical flow
POST /mdp/auth- receive
Set-Cookie - open the websocket connection on the same origin
Transport auth extraction
By default, the server extracts transport auth from:
AuthorizationCookie- headers prefixed with
x-mdp-auth-
The HTTP loop and auth endpoints also send CORS headers and allow credentials.
For field-level request and response details, continue with: