dcrck

dcrck

Creating a public WebSocket endpoint with Phoenix Channels

I’m interested in creating a public API for my Phoenix channels, so that clients in external apps can subscribe to their events. Additionally, the channels should require authentication from clients for them to start receiving events.

This is definitely possible with Phoenix, and I understand that the socket is exposed at localhost:4000/socket/websocket, but most of the examples I can find on the internet are focused on joins/subscriptions within the same app, rather than from outside the app. In other words, they rely on a token that’s created when you log in, and encoded in the HTML somewhere.

Does anyone have any examples of protected Channel topics that support authentication from external apps? For example, you connect to the socket, pass your credentials in a message to authenticate, and then you can subscribe to a specific channel? I can’t seem to find any to study, even though I would think this isn’t a unique use case. Of course, this could be very straightforward or I could be ignoring something obvious, in which case feel free to correct me. Thanks in advance!

Marked As Solved

sb8244

sb8244

Author of Real-Time Phoenix

Word—if you’re just setting up your other apps to subscribe to the sockets, then I would go for the much lighter weight solution. Something like rolling credentials doesn’t really matter when it’s all in your control, because you know what to expect and can mitigate or ignore as necessary.

The solution I laid out would be for the type of system like when you setup auth with Github (which has access tokens and OAuth apps separated from other access).

Also Liked

sb8244

sb8244

Author of Real-Time Phoenix

The great thing about Channels is that you have complete control over the lifecycle. So you can use something like a Phoenix Token or a JWT out-of-the-box, or you could roll your own token exchange mechanism.

Do you currently have any mechanism for a person to register with your API? At work, we use OAuth to do so, which we then exchange for a JWT token on an edge server and pass around as JWT internally. You could do something similar where you take a token (any format, could even be an OAuth access token) and validate that against your database in the Phoenix.Socket connect/3 function.

There’s not much difference between a public and private API from an operational perspective. You need a different auth mechanism (usually), you need to make sure you don’t break the contract or existing users will be upset when their apps break, and you need to have good documentation. Other than that, I consider it business as usual.

dcrck

dcrck

I see, so an OAuth 2 provider is what I’m looking for. This Elixir library should be a good starting point, then. :smile:

Where Next?

Popular in Questions Top

9mm
I am constructing a JSON object (map) and I need to conditionally set a field. I’m trying to write proper elixir-way code… and I’m at a l...
New
mcarvalho
What is the difference between System.get_env and Application.get_env? For example, what are best practices to use one versus another.
New
greenz1
I have a phoenix application from which a user can download multiple(5-6) files of size 1MB. I couldn’t find anything related to sending ...
New
stefanchrobot
What’s the safe way to decode a JSON string into a struct? I want to avoid calling String.to_atom. Jason.decode can give me a map with st...
New
fayddelight
I tried installing elixir 1.11.2 erlang 23.3.4 via asdf in my zsh shell. Enabled the versions locally and globally. When I list them ...
New
Qqwy
Original source of discussion: This topic on the Pragmatic Programmers’ Functional Web Development with Elixir, OTP, and Phoenix forum. ...
New
bsollish-terakeet
Credo is smart enough to check for (something like) this: assert length(the_list) == 0 with this response: Checking if an enum is empt...
New
komlanvi
Hi everyone, I was playing with phoenix liveView but I run into an issue. I have a form and want to validate each input text when the te...
New
dotdotdotPaul
Okay, I’m having a heck of a time trying to figure out how to best handle the validation of belongs_to associations in Ecto. I’m sure I’...
New
openscript
Hello! Sorry for this astonishing simple question, but I’m really stuck. I try to set up the intellij-elixir plugin, but I don’t know ho...
New

Other popular topics Top

danschultzer
None of the current solutions worked well for me, so I went ahead and built a user management system from scratch. This project took far...
548 29377 241
New
vertexbuffer
Hello, can anybody help here..? I have a list of players and I what to delete an element, but every for loop the list is reverting to ori...
New
senggen
Erlang/OTP 25 [erts-13.2.2] [source] [64-bit] [smp:8:8] [ds:8:8:10] [async-threads:1] 15:22:35.803 [error] gen_event {lager_file_backend...
New
chrismccord
As promised, the first release candidate of Phoenix 1.3.0 is out! This release focuses on code generators with improved project structure...
New
shahryarjb
Hello, I have map which I want to convert it to string like this: the map: %{last_name: "tavakkoli", name: "shahryar"} the string I ne...
New
msaraiva
Surface is an experimental library built on top of Phoenix LiveView and its new LiveComponent API that aims to provide a more declarative...
564 43622 214
New
JakeBecker
TL;DR: I’ve just released an implementation of Microsoft’s IDE-independent Language Server Protocol for Elixir. It adds language support ...
1144 53690 245
New
AngeloChecked
What learn first? Rust or Elixir Hi Elixir community! I’m here because i want learn a new language. I’m a junior developer and mainly i ...
New
dokuzbir
I want to highlight html closing tags when i click a html tag. That works in .html files but doesnt work for html.eex templates. How can...
New
AstonJ
Seen any cool LiveView demos, sample apps or examples? Please post them here! :003:
New

We're in Beta

About us Mission Statement