SID-AUTH-04 — WebSocket JWT Handshake Authentication
| Property | Value |
|---|---|
| Status | verified |
| Owner | platform |
| Category | technical |
| CSF Function | protect |
| Group | Authentication Controls |
Description
WebSocket connections are authenticated via a JWT carried in the initial handshake message. The UserID and TenantID are extracted from the token claims and bound to the session. A read limit (64KB) is enforced to prevent message-size DoS.
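The handshake check described above, sketched in Go with the standard library only; this is an added example, not the Wallet Backend's code. The claim names (`user_id`, `tenant_id`, `exp`), the HS256 shared key, the bare-token first message and the helpers `Mint`, `sign` and `Authenticate` are assumptions, and the token in `main` is constructed.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

const readLimit = 64 << 10 // 64KB read limit from the control description
var b64 = base64.RawURLEncoding

type Session struct { // identity bound to the connection; claim names are assumed
	UserID   string `json:"user_id"`
	TenantID string `json:"tenant_id"`
	Exp      int64  `json:"exp"`
}

func sign(msg string, key []byte) string {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(msg))
	return b64.EncodeToString(m.Sum(nil))
}

// Mint builds a constructed HS256 token for the demo and tests.
func Mint(s Session, key []byte) string {
	c, _ := json.Marshal(s)
	hp := b64.EncodeToString([]byte(`{"alg":"HS256"}`)) + "." + b64.EncodeToString(c)
	return hp + "." + sign(hp, key)
}

// Authenticate validates the first client message (assumed: a bare JWT).
func Authenticate(first, key []byte, now int64) (s Session, err error) {
	p := strings.SplitN(string(first), ".", 4)
	// Enforce the size cap, then always verify as HS256 (header alg ignored), in constant time.
	if len(first) > readLimit || len(p) != 3 || !hmac.Equal([]byte(p[2]), []byte(sign(p[0]+"."+p[1], key))) {
		return s, fmt.Errorf("oversized, malformed or badly signed handshake")
	}
	c, err := b64.DecodeString(p[1])
	if err != nil || json.Unmarshal(c, &s) != nil || s.UserID == "" || s.TenantID == "" || now >= s.Exp {
		return Session{}, fmt.Errorf("missing or expired claims")
	}
	return s, nil
}

func main() {
	fmt.Println(Authenticate([]byte(Mint(Session{"u-1", "t-1", 200}, []byte("demo-key"))), []byte("demo-key"), 100))
}
```

In a server the cap is normally set on the connection itself so an oversized frame is never buffered (for example `SetReadLimit` in gorilla/websocket); the length check here models that control.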
Components
- Wallet Backend (Go)
- Wallet Frontend
Source References
Audit Findings
| Finding | Severity | Status |
|---|---|---|
| EN-S-5 — Partial transport and instance protection | medium | in progress |