tlaverdure / laravel-echo-server

Socket.io server for Laravel Echo
MIT License

Laravel Sanctum #500

Open ggolda opened 4 years ago

ggolda commented 4 years ago

Does it work with Laravel Sanctum? https://laravel.com/docs/7.x/sanctum#authorizing-private-broadcast-channels

laravel-echo-server throws 401 when I'm trying to authenticate private channels.

ggolda commented 4 years ago

It doesn't work if Broadcast::routes(['middleware' => 'auth:sanctum']); is inside api.php (with authEndpoint changed to point to api/v1/broadcasting/auth).

But works with a default configuration, when routes are inside web.php and with default authEndpoint.

ggolda commented 4 years ago

@tlaverdure I found a problem with cookie decryption and Laravel Sanctum: https://github.com/laravel/sanctum/issues/122

In case they won't fix it, it's worth adding a section on how to use laravel-echo-server with Sanctum:

window.Echo = new Echo({
    broadcaster: 'socket.io',
    host: window.location.hostname,
    auth: {
      headers: {
        'Referer': window.location.hostname
      }
    }
});

Without the Referer header, all private channel authorization attempts get declined, because Sanctum doesn't apply the middleware that decrypts tokens, and the session id is invalid in this case.

radudiaconu0 commented 4 years ago

> @tlaverdure I found a problem with cookie decryption and Laravel Sanctum: laravel/sanctum#122
>
> In case they won't fix it, it's worth adding a section on how to use laravel-echo-server with Sanctum:
>
> window.Echo = new Echo({
>     broadcaster: 'socket.io',
>     host: window.location.hostname,
>     auth: {
>       headers: {
>         'Referer': window.location.hostname
>       }
>     }
> });
>
> Without the Referer header, all private channel authorization attempts get declined, because Sanctum doesn't apply the middleware that decrypts tokens, and the session id is invalid in this case.

How can I use this in a Vue project? How can I configure it there?

seobrain commented 3 years ago

Sanctum + Echo is definitely poorly documented at the moment.

I had the same issue, but my setup is slightly different. I have both Laravel and Echo dockerized. Nevertheless, after 1 full day of investigation, the following config item helped me to solve the private channel connection issue:

auth: { headers: { 'origin': 'localhost' }}.

Again, in my case both Laravel and Echo are sharing the same host.

And yes, Broadcast::routes middleware should include api in any case, otherwise Laravel is not able to derive a session from cookies.
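
The Referer and Origin workarounds in the comments above can be modelled as follows. This is an added example, not code from the thread, from laravel-echo-server or from Sanctum. It assumes the auth route only honours the session cookie when Referer or Origin names a configured first-party domain; the domain list, the cookie name `session` and the session store are constructed for illustration.

```javascript
// Simplified model (assumption) of how a Sanctum-protected broadcasting auth
// route could decide on a request forwarded by the socket server.

// Hypothetical first-party domain list standing in for the app's configuration.
const STATEFUL_DOMAINS = ['localhost', 'app.example.test'];

// HTTP header names are case-insensitive, so normalise before lookup.
function lowerKeys(headers) {
  return Object.fromEntries(
    Object.entries(headers).map(([k, v]) => [k.toLowerCase(), v]));
}

// Reduce a Referer/Origin value to a bare host for comparison.
function sourceHost(value) {
  return value.replace(/^https?:\/\//i, '').split('/')[0].toLowerCase();
}

// First-party ("stateful") only when Referer or Origin names a listed host.
function isStatefulRequest(headers, stateful = STATEFUL_DOMAINS) {
  const h = lowerKeys(headers);
  const value = h.referer || h.origin;
  return Boolean(value) && stateful.includes(sourceHost(value));
}

// Outcome of the channel auth call: the header only switches cookie handling
// on; a valid session is still required for a 200.
function authorizeChannel(headers, sessions) {
  if (!isStatefulRequest(headers)) {
    return { status: 401, reason: 'not stateful: session cookie ignored' };
  }
  const cookie = lowerKeys(headers).cookie || '';
  const match = /(?:^|;\s*)session=([^;]+)/.exec(cookie);
  if (!match || !sessions.has(match[1])) {
    return { status: 401, reason: 'stateful, but no valid session' };
  }
  return { status: 200, reason: 'authorized as ' + sessions.get(match[1]) };
}

// Constructed sample data: one logged-in session and four forwarded requests.
const SESSIONS = new Map([['abc123', 'user-1']]);
const SAMPLES = [
  { Cookie: 'session=abc123' },                               // no Referer
  { Cookie: 'session=abc123', Referer: 'localhost' },         // thread's fix
  { Cookie: 'session=abc123', origin: 'localhost' },          // Origin variant
  { Referer: 'localhost' },                                   // header, no cookie
];
for (const s of SAMPLES) console.log(authorizeChannel(s, SESSIONS));
```

In this model the header never authenticates on its own: the fourth sample carries a matching Referer and is still rejected because no session accompanies it.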