search

tymondesigns / jwt-auth

🔐 JSON Web Token Authentication for Laravel & Lumen
https://jwt-auth.com
MIT License
11.29k stars 1.54k forks source link

Broadcast Auth route doesn't work with 'jwt.auth' middleware #1577

Open shah-newaz opened 6 years ago

shah-newaz commented 6 years ago

Subject of the issue

I'm trying to implement a chat server using Laravel Echo, Redis, Websocket, Vue JS and tymon/jwt-auth. I need my broadcast auth route to be authenticated by jwt.

When I make a post request with 'Bearer my_token' to '/broadcasting/auth' it throws AccessDeniedHttpException. I've set up my BroadcastServiceProvider like so:

Broadcast::routes(['middleware' => [ 'api' ,'jwt.auth' ]]);

The issue is thrown on Tymon\JWTAuth\Middleware\Authenticate @handle The error message is not helpful at all. Fairly straight forward to reproduce as I could do it on a fresh laravel installation as well.

Could it be, after successful authentication the package is not returning an expected type of response that is expected by the Broadcaster::authenticate method?

Since the error is invoked like this:

            $parameters = $this->extractAuthParameters($pattern, $channel, $callback);

            $handler = $this->normalizeChannelHandlerToCallable($callback);

            if ($result = $handler($request->user(), ...$parameters)) {
                return $this->validAuthenticationResponse($request, $result);
            }
        }

        throw new AccessDeniedHttpException;

That's the Broadcaster::authenticate method that's handling the final response. Maybe $request->user() is not accessible by it?

I don't even know if this is a Laravel shortcoming, package issue. Please suggest...

Your environment

Q A
Bug? yes
New Feature? no
Framework Laravel
Framework version 5.6.x
Package version 1.0.0-rc.2
PHP version 7.2

Steps to reproduce

  1. On a fresh Laravel installation, configure Tymon/JWTAuth and then enable Broadcast service provider.
  2. Configure Broadcast service providers Broadcast::routes() with attributes to use jwt.auth middleware like this: Broadcast::routes(['middleware' => [ 'api' ,'jwt.auth' ]]);
  3. Make a POST request with a valid bearer token to /broadcasting/auth endpoint

Expected behaviour

User authenticates successfully.

Actual behaviour

Laravel throws AccessDeniedHttpException

gileneusz commented 6 years ago

@shah-newaz I've got the same issue. Did you find any solutions?

tintinboss commented 6 years ago

Hi, one workaround is to create your broadcast routes manually and not use the in built ones. Thanks

einnar82 commented 6 years ago

I found a solution, update your jwt-auth package into 1.0.0-rc.2, apply the docs then modify the BroadcastServiceProvider into Broadcast::routes(['middleware' => ['auth:api']]);

boyet007 commented 3 years ago

I found a solution, update your jwt-auth package into 1.0.0-rc.2, apply the docs then modify the BroadcastServiceProvider into Broadcast::routes(['middleware' => ['auth:api']]);

this return 404 in console developer.. any suggest?