The specification for the WebSocket implementation is fairly simple. It consists of two parts:
- Socket authentication
- Message format
Socket authentication is performed in a "hacky" way. This is intentional as it meets the following criteria:
- Being stateless, i.e. not using cookies to provide an authentication token
- Preventing authentication tokens from being leaked in the URI