Laravel broadcasting auth route simply returns "true"

Question

I have my pusher key set and initialized within Laravel 5.3. When I test it on my local environment, it works. When I try to run the exact same code on our production environment, I get this error:

Pusher : Error : {"type":"WebSocketError","error":{"type":"PusherError","data":{"code":null,"message":"Auth info required to subscribe to private-App.User.16"}}}

I've confirmed the Pusher key is identical on both my local and production.

The WS initializes on both environments the same:

wss://ws.pusherapp.com/app/264P9d412196d622od64d?protocol=7&client=js&version=4.1.0&flash=false

The only difference that I can see, is that when our production server contacts the Laravel "broadcasting/auth" route, it simply receives true in the response body.

When my local contacts "broadcasting/auth" it gets this in the response:

{auth: "22459d41299d6228d64d:df5d393fe37df0k3832fa5556098307f145d7e483c07974d8e7b2609200483f8"}

Within my BroadcastServiceProvider.php:

public function boot()
{
    Broadcast::routes();

    // Authenticate the user's personal channel.
    Broadcast::channel('App.User.*', function (User $user, $user_id) {
        return (int)$user->id === (int)$user_id;
    });
}

What could cause the broadcast/auth route to return simply true instead of the expected auth?

Answer 1

If you check PusherBroadcaster.php file, you will see that the response can be "mixed".

I think the documentation is saying about the default broadcast only.

The channel method accepts two arguments: the name of the channel and a callback which returns true or false indicating whether the user is authorized to listen on the channel.

This is the validAuthenticationResponse method inside PusherBroadcast.

/**
 * Return the valid authentication response.
 *
 * @param  \Illuminate\Http\Request  $request
 * @param  mixed  $result
 * @return mixed
 */
public function validAuthenticationResponse($request, $result)
{
    if (Str::startsWith($request->channel_name, 'private')) {
        return $this->decodePusherResponse(
            $this->pusher->socket_auth($request->channel_name, $request->socket_id)
        );
    }

    return $this->decodePusherResponse(
        $this->pusher->presence_auth(
            $request->channel_name, $request->socket_id, $request->user()->getAuthIdentifier(), $result)
    );
}

Just to give you another example, this is inside RedisBroadcast.

if (is_bool($result)) {
    return json_encode($result);
}

Short explanation about this "auth request":

BroadcastManager instantiate all "available drivers" (Pusher, Redis, Log,etc) , and create the "auth" route (using BroadcastController + authenticate method).

When you call "auth", this will happen:

1. Call "broadc.../auth" route.
2. BroadcastManager will instantiate the proper driver (in your case Pusher)
3. PusherBroadcaster can throw an exception AccessDeniedHttpException if the user is not authenticated (the "user session" - Auth::user() is not defined/null) and is trying to access a private (or presence) channel type.
4. If the user is trying to access a private/presence channel and the user is authenticated (Auth::check()), Laravel will check if the auth. user can access the channel. (Check: verifyUserCanAccessChannel method).
5. After that, validAuthenticationResponse method will be called. This method will make a request to pusher with the user credentials and return an array. This array contains Pusher response (socket auth: https://github.com/pusher/pusher-http-php/blob/03d3417748fc70a889c97271e25e282ff1ff0ae3/src/Pusher.php#L586 / Presence Auth: https://github.com/pusher/pusher-http-php/blob/03d3417748fc70a889c97271e25e282ff1ff0ae3/src/Pusher.php#L615) which is a string.

Short answer:

Soo.. Pusher require this auth response. Otherwise you won't be able to connect/identify the user (wss://ws.pusherapp.com....).