Using private channel whithout '$request->user()' but with JWT #49128
Unanswered
fabioselau077
asked this question in
Q&A
Replies: 1 comment
-
|
@fabioselau077 [Customizing The Authorization Endpoint](https://laravel.com/docs/10.x/broadcasting#customizing-the-authorization-endpoint) |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Laravel Version
10.10
PHP Version
8.3
Database Driver & Version
No response
Description
Hello, I'm configuring Laravel with self hosted pusher (soketi), everything works for public channels. However, when it is a private channel (private-), the call is made to site.com/api/broadcasting/auth, but 403 is always returned.
Analyzing the Laravel source code and debugging ( https://prnt.sc/JlUUq0DvyRxk), I verified a check in the PusherBroadcaster auth function that tries to retrieve the user() within retrieveUser(), but as I use JWT I don't have "$request->user()", after passing through the middleware 'verify.jwt' and I verify the JWT, I decrypt it in Bearer and I add it to $request->credentials (https://prnt.sc/lOL0gFz3Lwrf).
I believe this is where the problem lies, even though we don't say to use any middleware or anything like that, it always waits for $request->user() because it has 'private-' in the channel name.
The main question is: Is there a way to avoid falling into these validations? Because if the $request falls into the routes/channels, I can validate it through the JWT and define whether or not it has access to that channel, however it gives 403 before arriving, because the $request->user() is analyzed, which In my case, I don't use Passport or another Laravel authentication method because I use it as a 100% API.
Any solution?
Steps To Reproduce
Beta Was this translation helpful? Give feedback.
All reactions