Setting Up Laravel Pusher for Broadcasting on a Private Channel
Laravel provides a seamless way to broadcast events using Pusher. When working with private channels, proper authentication is essential, especially when using Sanctum for API authentication. Below is a step-by-step guide to ensure your Laravel application is correctly configured for broadcasting on private channels.
1. Configure API Authentication Driver
If you are using Sanctum for API authentication, you need to update the config/auth.php file to set the API driver to Sanctum. This ensures that Laravel correctly handles authentication when a user tries to connect to a private broadcast channel.
Open config/auth.php and update the API driver:
'api' => [
'driver' => 'sanctum',
'provider' => 'users',
],
2. Define the Private Broadcast Channel
Next, you need to define the private channel in routes/channels.php. This file is responsible for authorizing users to listen to private channels.
Modify the routes/channels.php file to include the following:
use Illuminate\Support\Facades\Broadcast;
use App\Models\User;
use App\Models\Company;
Broadcast::channel('company-{company}', function (User $user, Company $company) {
return (int) $user->staff->company_id === (int) $company->id;
}, ['guards' => ['api']]);
Explanation:
- The
company-{company}channel pattern ensures that each company has its own unique private channel. - The callback function checks if the authenticated user's
staff->company_idmatches the givencompany->id, ensuring that only users from the same company can listen to the channel. - The
guardsoption specifies that this channel authentication should use theapiguard, which is necessary when using Sanctum.
3. Verify Your Pusher Configuration
Ensure that your .env file is correctly configured for Pusher:
PUSHER_APP_ID=your_app_id
PUSHER_APP_KEY=your_app_key
PUSHER_APP_SECRET=your_app_secret
PUSHER_HOST=
PUSHER_PORT=443
PUSHER_SCHEME=https
PUSHER_APP_CLUSTER=your_cluster
Also, confirm that your config/broadcasting.php file is set up to use Pusher:
'default' => env('BROADCAST_DRIVER', 'pusher'),
4. Install Pusher SDK (If Not Installed)
Ensure that you have installed the required dependencies:
composer require pusher/pusher-php-server
5. Test Broadcasting
You can test broadcasting by triggering an event:
use App\Events\CompanyUpdated;
broadcast(new CompanyUpdated($company))->toOthers();
If everything is set up correctly, only authorized users will receive the event via the private channel.
6. Testing Broadcasting and Authentication Using Postman
To test broadcasting and authentication in Postman, follow these steps:
Step 1: Authenticate User
Send a POST request to your Laravel authentication endpoint (e.g., /api/login) with valid user credentials:
{
"email": "[email protected]",
"password": "password"
}
Copy the authentication token from the response.
Step 2: Authenticate the Private Channel
Send a POST request to http://your-app.test/broadcasting/auth with the following headers:
Authorization: Bearer your_auth_token
Accept: application/json
Content-Type: application/json
And use the following body to test access to a private channel:
{
"channel_name": "private-company-1",
"socket_id": "123.456"
}
If authentication is successful, you should receive a response containing the authentication signature.
Step 3: Test Broadcasting an Event
Send a POST request to an API route that triggers broadcasting, such as:
POST http://your-app.test/api/broadcast-event
This route should trigger an event using Laravel’s broadcasting system. You can check if the event is received by listening to it in your front-end application using Pusher.
Conclusion
By properly configuring Laravel's broadcasting system with Pusher and Sanctum, you ensure that private channels are secure and only accessible to authorized users. Testing authentication and broadcasting via Postman can help debug and confirm your setup.
Happy coding!