Feature Request: Support JWT authentication in Action Cable

Yuhi-Sato · August 9, 2025, 11:06pm

I would like to use JWT authentication as the client authentication method in Action Cable.

The WebSocket RFC 6455 explicitly states that authentication methods other than cookies can be used. However, in Action Cable’s client interface createConsumer, only the URL can be passed, and there is no way to include an Authorization header to perform the HTTP handshake.

It would be helpful if Action Cable could support passing custom headers (such as Authorization: Bearer <token>) during the initial WebSocket connection, allowing JWT-based authentication to be implemented without relying on cookies.

bensheldon · August 13, 2025, 11:50pm

ActionCable uses the browser JavaScript Websocket API, which doesn’t support headers. Lots of details here: javascript - HTTP headers in Websockets client API - Stack Overflow

Topic		Replies	Views
[Screencast] ActionCable - Part 3 - Securing Your WebSockets rubyonrails-talk	0	180	July 25, 2016
Proposal: Authentication via JWT token rubyonrails-core feature	11	832	January 27, 2025
Action cable with rails 4.2 rubyonrails-core	1	191	June 2, 2016
Why ActionCable does not provide access to sessions? actioncable	2	1772	August 4, 2020
Need help with websockets in rails rubyonrails-core actioncable	1	105	January 22, 2025

Feature Request: Support JWT authentication in Action Cable

Related topics

More Resources