I'm going around in circles trying to get this to work...
Here's the situation:
I have a PHP web app which makes remote procedure calls (RPCs) to several microservices via a Crossbar.io router using Thruway. Anonymous calls are working perfectly, but now I want to add authentication.
Here is the Crossbar configuration:
{
    "controller": {
    },
    "workers": [
        {
            "type": "router",
            "realms": [
                {
                    "name": "dashboard",
                    "roles": [
                        {
                            "name": "microservice",
                            "permissions": [
                                {
                                    "uri": "*",
                                    "publish": true,
                                    "subscribe": true,
                                    "call": true,
                                    "register": true
                                }
                            ]
                        }
                    ]
                }
            ],
            "transports": [
                {
                    "type": "websocket",
                    "endpoint": {
                        "type": "tcp",
                        "port": 80
                    },
                    "auth": {
                        "wampcra": {
                            "type": "static",
                            "users": {
                                "client1": {
                                    "secret": "secret1",
                                    "role": "microservice"
                                }
                            }
                        }
                    }
                }
            ]
        }
    ]
}
The Crossbar server is (I hope) set up as a router only. All clients/workers are on other servers. I've been following this example for the Crossbar config - specifically, this configuration file. There are a couple of important differences between the example and my config: the example server is configured as both a router and also serves static web pages (which mine does not) and the example server includes a Python component which (if I'm reading it correctly) is not material to the authentication process.
In my development environment I'm trying to get authentication to work for one client. Here's the client code:
<?php
// include the autoloader
//
require __DIR__ . '/vendor/autoload.php';

use Thruway\ClientSession;
use Thruway\Peer\Client;
use Thruway\Transport\PawlTransportProvider;
use Thruway\Authentication\ClientWampCraAuthenticator;

// create the WAMP client
//
$client = new Client('dashboard');
$auth = new ClientWampCraAuthenticator("client1", "secret1");
$client->addClientAuthenticator($auth);

// add the WAMP transport provider
//
$client->addTransportProvider(
    new PawlTransportProvider('ws://192.168.1.10/')
);

// handle the "open" (connect) event
//
$client->on('open', function (ClientSession $session) {
    // register the getImageData procedure
    //
    $session->register('service.client1.get', function ($data) {
        return (new Client)->get();
    });
});

// start the client
//
$client->start();
The problem is that the "challenge" message is never sent by the server. When the client attempts to connect, I get the following debug message:
2015-07-07T13:58:17.7451860 debug [Thruway\Transport\PawlTransportProvider 204] Received: [3,{"message":"no user with authid 'anonymous' in user database"},"wamp.error.not_authorized"]
Can anyone explain what additional configuration I need to do to get the server to challenge the client?
I found it...
I must have overlooked this in all the examples I've seen today. The solution is to add $client->setAuthId('client1'); before the call to $client->addClientAuthenticator($auth);
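
The exchange behind this fix, as an added example that is not part of the original post and uses neither Thruway nor Crossbar code: a HELLO without `authid` is treated as `anonymous` and aborted, while one carrying `authid` gets a CHALLENGE that the client signs with HMAC-SHA256. The `routerReply` and `routerVerify` functions are a simplified, hypothetical model of the router behaviour seen in the log above, and the challenge contents are constructed.

```php
<?php
// Users as in the page's Crossbar config ("static" wampcra users).
const USERS = ['client1' => ['secret' => 'secret1', 'role' => 'microservice']];

// HELLO is [1, realm, details]; for WAMP-CRA the details carry authmethods and authid.
function buildHello(string $realm, ?string $authid): array
{
    $details = ['roles' => ['callee' => new stdClass()], 'authmethods' => ['wampcra']];
    if ($authid !== null) {
        $details['authid'] = $authid;
    }
    return [1, $realm, $details];
}

// Simplified router model (assumption): a HELLO without authid is looked up as "anonymous".
function routerReply(array $hello): array
{
    $authid = $hello[2]['authid'] ?? 'anonymous';
    if (!array_key_exists($authid, USERS)) {
        return [3, ['message' => "no user with authid '$authid' in user database"],
            'wamp.error.not_authorized'];
    }
    // Constructed challenge; a real router adds more fields (such as a timestamp).
    $challenge = json_encode(['authid' => $authid, 'authrole' => USERS[$authid]['role'],
        'authmethod' => 'wampcra', 'nonce' => bin2hex(random_bytes(16))]);
    return [4, 'wampcra', ['challenge' => $challenge]];
}

// WAMP-CRA signature: base64(HMAC-SHA256(key = secret, message = challenge string)).
function signChallenge(string $secret, string $challenge): string
{
    return base64_encode(hash_hmac('sha256', $challenge, $secret, true));
}

// Router side: recompute the signature and compare in constant time.
function routerVerify(string $authid, string $challenge, string $signature): bool
{
    return hash_equals(signChallenge(USERS[$authid]['secret'], $challenge), $signature);
}

foreach ([null, 'client1'] as $authid) {
    $reply = routerReply(buildHello('dashboard', $authid));
    echo json_encode($reply), PHP_EOL;               // ABORT [3,...] or CHALLENGE [4,...]
    if ($reply[0] === 4) {
        $sig = signChallenge('secret1', $reply[2]['challenge']);
        echo json_encode([5, $sig, new stdClass()]), PHP_EOL;   // AUTHENTICATE
        echo routerVerify($authid, $reply[2]['challenge'], $sig) ? 'WELCOME' : 'ABORT', PHP_EOL;
    }
}
```

The secret itself never crosses the wire; only the HMAC over the router's challenge does, which is why the router must know which user's secret to check before it can issue a challenge.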