Do you want to request a feature or report a bug?
Question/Bug
What is the current behavior?
I've set up a Vue3/Laravel app with a live-chat via Pusher which works over non-private channel chat. In the next step I want to use a private channel but something weird happens. The pusher.subscribe function that tries to send a request to /api/pusher/auth doesn't seem to handle the sanctum authorization correctly, resulting in:
POST http://localhost:8000/api/pusher/auth 401 (Unauthorized)
ajax @ pusher-js.js?v=1974b27b:676
(anonymous) @ pusher-js.js?v=1974b27b:3548
authorize @ pusher-js.js?v=1974b27b:1860
subscribe @ pusher-js.js?v=1974b27b:1828
subscribe @ pusher-js.js?v=1974b27b:3960
subscribeAll @ pusher-js.js?v=1974b27b:3951
(anonymous) @ pusher-js.js?v=1974b27b:3868
emit @ pusher-js.js?v=1974b27b:1230
updateState @ pusher-js.js?v=1974b27b:2341
connected @ pusher-js.js?v=1974b27b:2281
callback @ pusher-js.js?v=1974b27b:2176
cb @ pusher-js.js?v=1974b27b:2619
tryNextStrategy @ pusher-js.js?v=1974b27b:2459
(anonymous) @ pusher-js.js?v=1974b27b:2507
(anonymous) @ pusher-js.js?v=1974b27b:3399
finish @ pusher-js.js?v=1974b27b:1752
onMessage @ pusher-js.js?v=1974b27b:1729
emit @ pusher-js.js?v=1974b27b:1230
onMessage @ pusher-js.js?v=1974b27b:1327
socket.onmessage @ pusher-js.js?v=1974b27b:1343
Show 20 more frames
Show less
pusher-js.js?v=1974b27b:979 Pusher : : ["Error: Unable to retrieve auth string from channel-authorization endpoint - received status: 401 from http://localhost:8000/api/pusher/auth. Clients must be authorized to join private or presence channels. See: https://pusher.com/docs/channels/server_api/authorizing-users/"]
This problem is specific to the pusher route, all other api routes work just fine.
pusher is trying to connect to this route but the authorization fails, resulting in 'test' not being logged and returning aforementioned error back to the client. This seems to be a pusher + sanctum problem because connecting to this diagnostic route works:
but $request->cookies->all() is empty and $request->user() is null. For some reason no auth cookies are arriving in the pusher route. To check if sanctum works by itself, connecting to the following route, returns the authorized user:
Route::middleware('auth:sanctum')->get('/test-auth', function (Request $request) {
return $request->user();
});
Any idea what the problem is with the pusher route or how I could further debug this? Thank you in advance
What is the expected behavior?
Private channel subscription should work.
**Which versions of Pusher, and which browsers / OS are affected by this issue?
Tested Pusher versions: newest, 8.3, 7.6
MacOS: Ventura 13.2.1
Browser: Chrome
Do you want to request a feature or report a bug? Question/Bug
What is the current behavior? I've set up a
Vue3/Laravel
app with a live-chat viaPusher
which works over non-private channelchat
. In the next step I want to use a private channel but something weird happens. Thepusher.subscribe
function that tries to send a request to/api/pusher/auth
doesn't seem to handle thesanctum authorization
correctly, resulting in:This problem is specific to the
pusher
route, all other api routes work just fine.Frontend setup
pusher.js:
axios.js:
the user is authenticated in a login component:
and the app tries to subscribe to pusher in a chat component, only accessible to authenticated users:
Backend setup
/routes/api.php:
pusher is trying to connect to this route but the authorization fails, resulting in
'test'
not being logged and returning aforementioned error back to the client. This seems to be apusher + sanctum
problem because connecting to this diagnostic route works:but
$request->cookies->all()
is empty and$request->user()
isnull
. For some reason noauth cookies
are arriving in the pusher route. To check ifsanctum
works by itself, connecting to the following route, returns the authorized user:relevant .env entries:
like I said, the entire authentication of the app works fine except the pusher route.
Browser Network Tab
auth request #1:
General:
Response Headers:
Request Headers:
followed by auth request #2:
General:
Response Headers:
Request Headers:
Browser Application Tab
there are two cookies in /storage/cookies/http://localhost:3000:
1 soul_meatcom_session:
2 XSRF-TOKEN:
Any idea what the problem is with the
pusher
route or how I could further debug this? Thank you in advanceWhat is the expected behavior? Private channel subscription should work.
**Which versions of Pusher, and which browsers / OS are affected by this issue? Tested Pusher versions: newest, 8.3, 7.6 MacOS: Ventura 13.2.1 Browser: Chrome