elixirphoenix-frameworkphoenix-channels

Only authenticating some channels on join in Phoenix


How can I change this code to connect to a channel that doesn't require authentication, while still allowing authentication on some channels?

phoenix.js:701 WebSocket connection to 'ws://localhost:4000/socket/websocket?token=&vsn=1.0.0' failed: Error during WebSocket handshake: Unexpected response code: 403

user_socket.ex

defmodule App.UserSocket do
  use Phoenix.Socket

  ## Channels
  channel "collection:*", App.CollectionChannel

  ## Transports
  transport :websocket, Phoenix.Transports.WebSocket
  # transport :longpoll, Phoenix.Transports.LongPoll

  # Socket params are passed from the client and can
  # be used to verify and authenticate a user. After
  # verification, you can put default assigns into
  # the socket that will be set for all channels, ie
  #
  #     {:ok, assign(socket, :user_id, verified_user_id)}
  #
  # To deny connection, return `:error`.
  #
  # See `Phoenix.Token` documentation for examples in
  # performing token verification on connect.
  @max_age 2 * 7 * 24 * 60 * 60
  def connect(%{"token" => token}, socket) do
    case Phoenix.Token.verify(socket, "user socket", token, max_age: @max_age) do
      {:ok, user_id} ->
        {:ok, assign(socket, :user_id, user_id)}
      {:error, _reason} ->
        :error
    end
  end

  def connect(_params, _socket), do: :error

  # Socket id's are topics that allow you to identify all sockets for a given user:
  #
  #     def id(socket), do: "users_socket:#{socket.assigns.user_id}"
  #
  # Would allow you to broadcast a "disconnect" event and terminate
  # all active sockets and channels for a given user:
  #
  #     Style.Endpoint.broadcast("users_socket:#{user.id}", "disconnect", %{})
  #
  # Returning `nil` makes this socket anonymous.
  def id(socket), do: "users_socket:#{socket.assigns.user_id}"
end

collection_channel.ex

defmodule App.CollectionChannel do
  use App.Web, :channel

  def join("collection:lobby", _params, socket) do
    {:ok, socket}
  end
end

app.js

import socket from "./socket"

let channel = socket.channel("collection:lobby", {});

channel.join()
  .receive("ok", resp => console.log("joined the collection channel", resp))
  .receive("error", reason => console.log("join failed", reason));

socket.js

import {Socket} from "phoenix"

let socket = new Socket("/socket", {params: {token: window.userToken}})

Solution

  • To remove authentication, instead of verifying the token, always return a {:ok, socket} tuple inside the connect callback:

      def connect(_params, socket) do
        {:ok, socket}
      end
    

    And make your id callback return nil, since all sockets are anonymous

    def id(socket), do: nil
    

    Edit: Channel based authentication

    If you want to have both, authenticated and anonymous channels, you will either have to handle authentication in the join/3 callback of your channel, or specify via socket-assigns, if the user is allowed to join the channel.

    For example:

      def connect(%{"token" => token}, socket) do
        case Phoenix.Token.verify(socket, "user socket", token, max_age: @max_age) do
          {:ok, user_id} ->
            {:ok, assign(socket, :user_id, user_id)}
          {:error, _reason} ->
            :error
        end
      end
      def connect(_params, socket), do: {:ok, socket}
    

    This will allow anyone to join, but only sets the user_id when he is authenticated

    # authenticated_channel.ex
    defmodule App.AuthenticatedChannel  do
      use App.Web, :channel
    
      def join("authenticated:lobby", _params, socket) do
        if socket.assigns[:user_id] do
          {:ok, socket}
        else
          {:error, %{reason: "unauthorized"}}
      end
    
    end
    
    # unauthenticated_channel.ex
    defmodule App.UnauthenticatedChannel do
      use App.Web, :channel
    
      def join("unauthenticated:lobby", _params, socket) do
        {:ok, socket}
      end
    end