Add authorization headers #32
Conversation
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## master #32 +/- ##
============================================
- Coverage 43.07% 38.23% -4.84%
Complexity 61 61
============================================
Files 9 6 -3
Lines 397 272 -125
Branches 14 0 -14
============================================
- Hits 171 104 -67
+ Misses 218 168 -50
+ Partials 8 0 -8
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
|
@michaelaguiar Thanks for this, however I'm not sure what we're fixing here - from what I've seen auth works fine for us, also for private channels ... is this PR related to an existing issue? I've looked through the issue list: https://github.com/georgeboot/laravel-echo-api-gateway/issues) but I didn't see anything ... I'm a bit reluctant to merge this if I'm not sure what issue we're fixing here. Second remark - I wonder if we really should be removing Axios - please see this issue and the conclusion we came to: Is the removal of Axios necessary for the auth headers fix to work? |
|
Good point! If Echo relies on it, we should keep axios. It’s absolutely not necessary for the auth header fix. I will revert the axios removal. In my use case, the client needs to authenticate with a separate api server that uses passport via a bearer token. I realized that adding the auth.headers.Authorization option wasn’t actually adding the authorization header at all to the /broadcasting/auth request. You can verify this by adding that option, and reviewing the request in the network tab of the browser console. Please correct me if I’m wrong! After I roll back the axios removal, the only change is adding the headers to the axios auth request for private / presence. You should also see that no headers are being added currently, regardless of the defined options. I’ll revert axios in just a few minutes and you can take a look. Feel free to take your time and verify yourself! |
|
@michaelaguiar Okay thanks ... will wait for the final version! |
|
Understand the use case and would be good to support this |
michaelaguiar
force-pushed
the
master
branch
from
2fdc1e8 to
dd369ad
Compare
|
Ok Axios is back in. The authorization header is minor, but helps when the client needs to authenticate to a separate remote server that requires a Bearer Token. For example: window.Echo = new Echo({
broadcaster,
host: "wss://" + API_ID + ".execute-api.us-west-2.amazonaws.com/" + STAGE,
authEndpoint: AUTH_URL + "/broadcasting/auth",
bearerToken: getCookie("session_token"),
enabledTransports: ["ws", "wss"],
});
For reference: laravel/echo#353 Let me know what you guys think! |
|
@michaelaguiar @georgeboot Okay, now I finally understand what's the point :) Yes, authentication to set up "private" channels was something we also definitely needed in our own app ... the way we worked around it (we use Axios in our app) was like this, with and this works, but of course what you've now implemented now is much more elegant - and consistent with "the Echo standard" (as per laravel/echo#353). I think we won't even need to change our application code after upgrading, but if we want to we could get rid of our "hack" ... Happy to merge this - but shall we add your little example snippet to the README, so that people know how to use it? So I mean this: P.S. what we're doing in our own app in a local dev environment (when connecting to a local websockets server, not AWS) is this: I think this is the "old syntax" for Echo to pass the bearer token, back when the |
|
Exactly! I needed to add the headers directly to Axios just as you did, and figured there was a cleaner way to do it directly in the echo block. Yea I found that bearerToken was added to simplify the block a bit, but it does exactly that - adds the auth.headers.Authorization if it's added. You can use either method and it should just work with my update. Just updated the README. What do you think? |
|
@michaelaguiar I think it's looking great ... I've merged it! I didn't publish a new version to Thanks! P.S. ah haha, it's now complaining about https://github.com/georgeboot/laravel-echo-api-gateway/actions/runs/11803244330/job/32880778514 Never mind, we'll fix that in another PR ... but, what we should maybe do is configure our Github Actions to run not just on commits to https://futurestud.io/tutorials/github-actions-run-on-pull-request |
|
I agree! I can take a look and get that updated a little later. |
|
@michaelaguiar I've merged it but I'm now struggling with producing a release - publishing to npmjs just refused to work ... by the way I combined this PR (32) with another PR (31) in the same release (0.5.1 originally but I messed around a bit and now it's 0.5.2, lol) ... haven't succeeded in producing/publishing a release though :) |
|
What errors are you getting? Anything I can do to help? |
@michaelaguiar See the discussion (comments) at the bottom of the other PR: but basically the Github Action logs says this: Run And that's it, more or less ... There isn't any other useful info regarding what the problem is, and a quick google search yields nothing, I'm coming up empty ... basically stuck at this moment as the yarn command seems to "refuse" to publish to npmjs ! I'm almost out of ideas - what we still could do is:
P.S. by the way: the "test" action that precedes the "publish" action also has failures - the Jest run fails, as well as another job - but I don't believe that that should directly influence the "publish" action ... |
Before, if you included the following authorization headers to the Echo connection block, it would be ignored and private channels would fail to connect:
auth: { headers: { Authorization: "Bearer {TOKEN}", }, }This PR makes it so if you included
auth.headers.Authorizationor the shorterbearerTokenoptions, it will now add it to the authentication headers.I also converted the
axioscall to use vanilla jsfetchto remove the need for a third party library.axioswas removed as a dependency.