authController.js

authenticate : function(req,res){

		var username = req.param('username')
		var password = req.param('password')

		if(!username || !password){
			return res.json(403,{err : 'username and password required'})
		}

		User.findOneByUsername(username,function(err,user){
			if(!user){
				return res.json(403,{err : 'invalid username or password'})
			}

			User.validPassword(password,user,function(err,valid){
				
				if(err){
					return res.json(403,{err : 'forbidden'})
				}

				if(!valid){
					return res.json(403,{err : 'invalid username or password'})
				}
					else{

						//TODO grab auth permission stuff to encode into token.
						res.json({user : user, token : sailsTokenAuth.issueToken(user.id)})

					}

			})

		})


	},

configslashsockets.js

authorization: function authorizeAttemptedSocketConnection(reqObj, cb) {

        // Any data saved in `handshake` is available in subsequent requests
        // from this as `req.socket.handshake.*`
        if(reqObj.query.token){
          sailsTokenAuth.verifyToken(reqObj.query.token,function(err,tokenData){
            if(tokenData){
              reqObj.handshake = tokenData;
              cb(null,true)
            }
            else{
              cb(null,false)
            }
          })
        }
        else{
          reqObj.handshake = {authenticated : false}
          cb(null,true)
        }





        //
        // to allow the connection, call `cb(null, true)`
        // to prevent the connection, call `cb(null, false)`
        // to report an error, call `cb(err)`


    },

sailsTokenService.js

var jwt = require('jsonwebtoken')
var socketjwt = require('socketio-jwt')


module.exports.issueToken = function(payload){
	var token = jwt.sign(payload,process.env.TOKEN_SECRET)
	return token;
}

module.exports.verifyToken = function(token,verified){
	return jwt.verify(token,process.env.TOKEN_SECRET,{},verified)
}