Webhook Authentication via token

[alexfruehwirth]

Hello,

I'm currently looking into authenticating a user via the webhook extension.

Documentation suggests adding a token attribute when initialising a HocuspocusProvider, but it seems the token is only passed to the onAuthentication Hook. The Webhook Extension does not utilize this hook, but listens connect as initial connection hook, therefor does not receive a token.

I saw that adding a token as parameter might work, but it exposes the token into the URL, which is something we don't want to introduce.

I'm not as familiar as I would wish to be with Y.js and Hocuspocus yet and could neither find any solution in the docs nor via searching Discussions or Issues so far.

Is there maybe way to add the token to the request header?
Does someone know wether it's by design for the webhook extension to not use onAuthentication or is it something that is just not adjusted yet?

Has someone maybe an example how they solved this issue? 😄

Thank you & BR,
Alex