Pusher Channels Docs | How to authenticate userspage

[edwardanthony]

Hello there, I spotted an issue on https://pusher.com/docs/channels/server_api/authenticating-users/

According to the docs, I have to follow the following response code when making authentication handler.

∞ Response Unsuccessful responses from an authentication endpoint should serve a 403 Forbidden HTTP status. Successful responses from an authentication endpoint should carry a 200 OK HTTP status and a body of the form

However our backend follows HTTP code semantics.

• Unauthorized will be sent if the client does not specify the token in the header
• Forbidden will be sent if the client does not have access
• Internal Server Error will be sent if there is unexpected error that can't be handled

The documentation saying it only accepts 403 is very limiting. I wonder if the wording is "should" because it'll accept other 4xx error and 5xx error. Please let me know.

[benw-pusher]

The Forbidden HTTP status is expected where the request is valid and a user has been identified, but the request to access the resource (in this case a channel) is denied. The Unauthorized or Internal Server Error codes would be encountered where the request has failed, either due to not passing the necessary tokens (or being unable to identify the user) or the server encountered an issue. Our libraries should also accept these - however the docs are scoped to a successful request and response from the endpoint, in which case either a 403 or a 200 response would be received.