[SR-Users] Best practises for websocket authentication