Took me a little experimentation (given the number of bad examples posted online) to figure this one out but I needed to authenticate a users token through the socket.io listener running in node (5.0.0).

I setup the token.js file to use socket.io with the following

 var app = require('express')(),
     http = require('http').Server(app),
     io = require('socket.io')(http),
     tokens = [];

Inside of the socket.io connection method I created a listener for the ‘register’ message that called the .NET web service to verify the authentication token. This code will be shifted to use the tedious framework in the near future. I included lodash to quickly check to see if the token is in the local array or if not, add it.

  socket.on('register', function (token) {
    var request = require('request');
    request.post({
      url: 'http://xxx/authentication.asmx/VerifyToken',
      method: 'POST',
      headers: { 'Content-Type': 'application/json; charset=utf-8' },
      body: JSON.stringify({ token: token })
    },
    function (err, resp, msg) {
      var body = JSON.parse(resp.body), t = JSON.parse(body.d);
      if (1 == t.flag) {
        var _ = require('lodash'), l = _.indexOf(tokens, token);
        if (l == -1) { tokens.push({ token: token, id: socket.id }); }
        socket.broadcast.emit('token', true);
      }
      else {
        console.log('Invalid Token/Socket ID ' + socket.id + ' Token ' + token.substring(0, 15));
        socket.broadcast.emit('token', false);
      }
    });
  }); // register

Client side, once logged in, it’s as simple as passing:

 socket.on('connect', function () { socket.emit('register', user.token() });

And providing a callback listener that will check for ‘token’ coming back with a true/false. This way the administrator can void the authentication tickets server side and the client will automatically be notified their tokens are no longer valid and sent back to the login screen.