voryx / Thruway

PHP Client and Router Library for Autobahn and WAMP (Web Application Messaging Protocol) for Real-Time Application Messaging
MIT License

Limiting publications by authid (was Authentication/Authorisation) #272

Closed pura closed 6 years ago

pura commented 6 years ago

Hi Guys

I don't know if this is the right place to put this question, as this is not actually an issue. Thruway is a great tool with lots of features but might lack a bit of documentation. Hence the question below.

I'm using WAMP to set up pubsub. I use Thruway (PHP) as the client.

I'm trying to understand the best way to implement authentication/authorisation dynamically.

I have my application which publishes the messages. There will be multiple clients which can subscribe to those messages.

I want to make sure that only the valid users (an authenticated user) can subscribe to their related messages.

Let's say I publish a message {userid: 1, message: hi} and {userid: 2, message: hello}. So, only the user with id 1 should be able to subscribe to his message, and the same for user 2.

Can anyone suggest what's the best approach? I struggle with the documentation provided.

The client can be web with JavaScript (autobahn-js).

Ta

mbonneau commented 6 years ago

If you are using authentication, you can limit publications by authid by setting the option _thruway_eligible_authids to an array of eligible auth ids.

May not be the best documentation - but here is what the tests look like: https://github.com/voryx/Thruway/blob/37b7c640964a24c5c622638c1417a1e73ddc7d66/tests/Unit/Role/BrokerTest.php#L474

pura commented 6 years ago

@mbonneau thank you. I actually had been through that test but was not sure if those options are for publishing or for subscribers. Thank you.

mbonneau commented 6 years ago

@pura - The publisher sets the options when publishing. These do not pass through to the subscriber.

mbonneau commented 6 years ago

This is related to #134

pura commented 6 years ago

Sure @mbonneau, but it restricts the subscription to the ids that are eligible. If that's the case, that's what I want.

mbonneau commented 6 years ago

@pura - I am not sure if we are saying the same thing in different ways - but the _thruway_eligible_authids option when publishing only instructs the router on what authids are eligible to receive the message. It will not prevent clients from subscribing.

pura commented 6 years ago

@mbonneau I think we are. The only problem now is to figure out how to get the authId from connected clients. Any suggestions, please?

pura commented 6 years ago

@mbonneau I have sorted this out with your help. After authenticating, I set the authId for the user. And the same id is passed as "_thruway_eligible_authids". Thanks for your help.
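
Added example, not part of the thread and not Thruway's code: a simplified JavaScript model of the behaviour described above, where the router filters delivery by `_thruway_eligible_authids`, subscribing is never refused, and a publish that omits the option reaches every subscriber. `ModelBroker`, `publishToUser`, the topic name and the authid strings are assumptions made for illustration.

```javascript
// Simplified model of a WAMP broker's delivery step (not Thruway's implementation).
// Assumption: each subscription carries the authid set for the session at authentication.
class ModelBroker {
  constructor() { this.subs = new Map(); } // topic -> [{ authid, inbox }]

  // Subscribing is never refused, matching the thread: the publish option
  // "will not prevent clients from subscribing".
  subscribe(topic, authid) {
    const sub = { authid, inbox: [] };
    if (!this.subs.has(topic)) this.subs.set(topic, []);
    this.subs.get(topic).push(sub);
    return sub;
  }

  // The publisher's options are consumed here and are not forwarded to subscribers.
  publish(topic, kwargs, options = {}) {
    const eligible = options._thruway_eligible_authids;
    let delivered = 0;
    for (const sub of this.subs.get(topic) || []) {
      if (Array.isArray(eligible) && !eligible.includes(sub.authid)) continue;
      sub.inbox.push({ topic, kwargs }); // the event carries the payload only
      delivered++;
    }
    return delivered;
  }
}

// Hypothetical publisher-side guard: user-scoped messages always go out with an
// explicit authid list, so a forgotten option cannot fan out to all subscribers.
function publishToUser(broker, topic, authid, kwargs) {
  if (typeof authid !== 'string' || authid === '') {
    throw new Error('refusing to publish a user-scoped message without an authid');
  }
  return broker.publish(topic, kwargs, { _thruway_eligible_authids: [authid] });
}

// Constructed scenario from the question: two users subscribed to one topic.
function demo() {
  const broker = new ModelBroker();
  const topic = 'com.example.messages'; // constructed topic name
  const u1 = broker.subscribe(topic, 'user-1');
  const u2 = broker.subscribe(topic, 'user-2');
  publishToUser(broker, topic, 'user-1', { userid: 1, message: 'hi' });
  publishToUser(broker, topic, 'user-2', { userid: 2, message: 'hello' });
  // A publish without the option is delivered to both subscribers.
  const unrestricted = broker.publish(topic, { userid: 1, message: 'oops' });
  const texts = (s) => s.inbox.map((e) => e.kwargs.message);
  return { u1: texts(u1), u2: texts(u2), unrestricted };
}
console.log(demo());
```

In this model the restriction holds only for publications that carry the option, which is why the guard refuses to publish a user-scoped message without an authid.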