Link

Websocket

By using the getSession API call you get the loggedin and hsid you need.

To set up the websocket and handle the changes in the LoginStatus of the session, one can use the javascript below, replacing serverid , hsid and loggedin with the correct values in the init function. This script will reload the current page on receiving a LOGIN (when the current status is false - logged out), or redirect to the main page on receiving a LOGOUT (when the current status is true - logged in).

<script>
var nextAuth = (function() {
var wssocket;
var wssocketerror;
var wssocketdisabled;
return {
init: function(){
    nextAuth.wsinit([['serverid','hsid',loggedin]],'wss://ws.nextauth.com/');
},
wsinit: function(sessiondata, host) {
    serverid = sessiondata[0][0];
    nonce = sessiondata[0][1];
    wssocketerror = true;
    wssocketdisabled = false;
    /* test websocket support */
    if ('WebSocket' in window || 'MozWebSocket' in window) {
        window.setInterval(nextAuth.wscheck, 500, sessiondata, host);
    } 
},
logmsg: function(msg) { 
    if(typeof console !== "undefined") {
        console.log("nextAuth - "+msg);
    }
},
wscheck: function(sessiondata, host) {
    if (!wssocketerror)
        return;
    if(wssocketdisabled)
        return;
    wssocketerror = false;
    try {
        if ('WebSocket' in window) {
            wssocket = new WebSocket(host);
        } else if ('MozWebSocket' in window) {
            wssocket = new MozWebSocket(host);
        }
        nextAuth.logmsg('WebSocket - status ' + wssocket.readyState);
        wssocket.onopen = function(msg) {
            nextAuth.logmsg("Connected");
            for (var i=0; i< sessiondata.length; i++){
                nextAuth.wssend("REGISTER " + sessiondata[i][1] + " " + sessiondata[i][0]);
            }
        };
        wssocket.onmessage = function(msg) {
            nextAuth.logmsg("Received: " + msg.data);
            nextAuth.wsreceive(msg.data, sessiondata);
        };
        wssocket.onclose = function(msg) {
            nextAuth.logmsg("Disconnected");
            wssocketerror = true;
        };
    } catch (ex) {
        nextAuth.logmsg(ex);
        wssocketerror = true;
    }
},
wssend: function(msg) {
    try {
        wssocket.send(msg);
        nextAuth.logmsg('Sent: ' + msg);
    } catch (ex) {
        nextAuth.logmsg(ex);
    }
},
getsession(sessiondata,serverid,nonce){
    for (var i=0; i<sessiondata.length; i++){
        if(sessiondata[i][0] == serverid && sessiondata[i][1] == nonce){
            return i;
        }
    }
    return -1
},
wsreceive: function(msg, sessiondata) {
    parts = msg.split(" ");
    cmd = parts[0];
    if (cmd == "LOGOUT") {
        serverid = parts[2];
        nonce = parts[1];
        i = this.getsession(sessiondata,serverid,nonce);
        if(i >= 0){
            knownstatus = sessiondata[i][2];
            if(knownstatus == 1){
                // currently logged in, received logout
                wssocketdisabled = true; // kill the socket
                if(typeof nextauthwsdoupdate == 'function')
                    nextauthwsdoupdate(0,serverid,nonce,i);
                else
                    window.location.assign("/");
            }
        }
    } else if (cmd == "LOGIN") {
        serverid = parts[2];
        nonce = parts[1];
        i = this.getsession(sessiondata,serverid,nonce);
        if(i >= 0){
            knownstatus = sessiondata[i][2];
            if(knownstatus != 1){
                // currently logged in, received logout
                wssocketdisabled = true; // kill the socket
                if(typeof nextauthwsdoupdate == 'function')
                    nextauthwsdoupdate(1,serverid,nonce,i);
                else
                    window.location.reload();
            }
        }
        
    } 
},
nextAuth.init();
</script>

Note that this script can listen to multiple sessions, possibly at different servers serverid and nonces hsid. Simply add another ['serverid','hsid',loggedin] to the first parameter of nextAuth.wsinit inside the init function. In that case, one should implement a nextauthwsdoupdate(x,serverid,nonce,i) function, with x being either 0 (logout) or 1 (login) to do proper session-based handling.

Push login

Through the websocket, one can also do a push login (based on the current session, equivalent to provokeLogin API call). Simply add a function provoke to the script, which can be triggered througout the page.

provoke: function(serverid, nonce){
    nextAuth.wssend("PROVOKE "+nonce+" "+serverid);
}

The function wsreceive also receives a cmd for changes with respect to the push login status: CONFIRMPROVOKE (when the user has received the push notification on the mobile) and CANPROVOKE (if one can do a push login based on the current session, equivalent to the canprovoke in the response from the getSession API call)