Pusher Custom Authentication

From sgcWebSockets 2022.1, the sgcWebSockets Pusher client lets you implement your own custom authentication.

Pusher only allows a connection to subscribe to private or presence channels if it provides an authentication token, which makes it possible to restrict access.

You can build your own authentication flow using the OnPusherAuthentication event. This event is called before the subscription message is signed with the secret key provided by Pusher. It has 2 parameters: an authentication request with fields such as SocketID and channel name, which your own authentication server can use to accept or reject the request, and an authentication response in which the signature is returned. The figure below shows the Pusher authentication flow.

[Figure: Pusher Private Subscription Flow]

Delphi Example 

When a client connects to the Pusher server, it sends the Key provided by Pusher and the server returns an identification id (socket_id).

When a client subscribes to a private (or presence) channel, the sgcWebSockets client uses the Secret Key provided by Pusher to create a signature, which is included in the subscription message. Using the OnPusherAuthentication event, you can capture the fields required to sign the message and run your own authentication method. If it succeeds, return the signature; it will be included in the subscription message sent to the server.

oClient := TsgcWebSocketClient.Create(nil);
oPusher := TsgcWSAPI_Pusher.Create(nil);
oPusher.Client := oClient;
oPusher.Cluster := 'eu'; 
Pusher.Name := 'js';
Pusher.Version := '4.1';
Pusher.TLS := True;
Pusher.Key := '9c3b7ef25qe97a00116c'; 
Pusher.Secret := ''; // the secret key is not known by the client, only by the authentication module
 
oPusher.OnPusherAuthentication := OnPusherAuthenticationEvent;
 
procedure OnPusherAuthenticationEvent(Sender: TObject; AuthRequest: TsgcWSPusherRequestAuthentication; AuthResponse: TsgcWSPusherResponseAuthentication);
begin
  // if the authentication request is successful, return the signature
  if CustomAuthentication(AuthRequest.Channel, AuthRequest.SocketID) then
    AuthResponse.Signature := GetCustomAuthenticationSignature;
end; 

The format of the signature is:

Private channels: key:HMAC256(SocketID, ChannelName)

Presence channels: key:HMAC256(SocketID, ChannelName, Data)
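
The server-side authentication module that holds the secret, as an added Python example (not part of the original post or of sgcWebSockets): it validates the SocketID and channel name, applies an access rule, and only then computes key:HMAC-SHA256 over the colon-joined fields, which is the string Pusher signs for channel authentication. APP_KEY, APP_SECRET, is_authorized and the user names are hypothetical, constructed values; the returned string is what the client would place in AuthResponse.Signature.

```python
import hashlib
import hmac
import re

# Constructed sample credentials, not real Pusher values.
APP_KEY = "example-app-key"
APP_SECRET = b"example-app-secret"

# socket_id as issued by Pusher: two integers separated by a dot.
SOCKET_ID_RE = re.compile(r"\d+\.\d+")
# Assumption: only private-/presence- channels with Pusher's allowed
# channel-name characters are ever signed by this module.
CHANNEL_RE = re.compile(r"(private|presence)-[A-Za-z0-9_\-=@,.;]+")


def is_authorized(user, channel):
    """Hypothetical policy: a user may only join channels ending in '-<user>'."""
    return bool(user) and channel.endswith("-" + user)


def sign_subscription(user, socket_id, channel, channel_data=None):
    """Return 'key:signature' for an allowed subscription, or None to refuse.

    channel_data is the exact JSON string the client will send for a
    presence channel; it is signed byte for byte.
    """
    # Validate before signing: a ':' smuggled into either field would change
    # how the signed string splits into socket id and channel name.
    if not SOCKET_ID_RE.fullmatch(socket_id) or not CHANNEL_RE.fullmatch(channel):
        return None
    if not is_authorized(user, channel):
        return None
    parts = [socket_id, channel]
    if channel.startswith("presence-"):
        if not channel_data:
            return None  # presence subscriptions must carry user data
        parts.append(channel_data)
    to_sign = ":".join(parts).encode("utf-8")
    digest = hmac.new(APP_SECRET, to_sign, hashlib.sha256).hexdigest()
    return f"{APP_KEY}:{digest}"


if __name__ == "__main__":
    print(sign_subscription("alice", "1234.1234", "private-orders-alice"))
    print(sign_subscription("bob", "1234.1234", "private-orders-alice"))  # None
```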
