Description

From what I understand the RFC6455 WebSockets specification allows for token-based auth using request headers, but in the client Javascript WebSocket implementation it's not possible to send authorization headers.

I have a setup with using quarkus-websockets-next together with KeyCloak and would need to authenticate using the token retrieved by KeyCloak via a Javascript WebSocket.

Implementation ideas

I've seen multiple suggestions on how this limitation is bypassed but most of them seem to involve setting the token in the url, for example:
ws://${token}@localhost/ws or ws://localhost/ws?token=${token}.

Is there a way to solve this today, or is this something that would need to be added to the extension?

Thank you, and thank you for all the good work you do on this project, it's much appreciated!