Alex Harris

Reputation: 6392

Pusher Client Error: Invalid Signature

I recently looked in my Pusher error logs and noticed:

Invalid signature: Expected HMAC SHA256 hex digest of 217478.6054950:private-production1_xxxxx_1232:{"user_id":xxxx}, but got 707d39519ca7f971a134524d8fe2ebafbddd64f42b6af0a20d6a73fxxxxxxx

In general our websockets have been working fine. We have many clients working completely fine and sockets in general seem to be working without issue. This is the first time I've noticed this error and I check the error logs fairly frequently. Is this something I should be concerned about? I can confirm that private channels are working properly in general.

On the frontend the code is as follows:

let options = PusherClientOptions(
  authMethod: AuthMethod.authRequestBuilder(authRequestBuilder: AuthRequestBuilder())
)
pusher = Pusher(key: pusherKey!, options: options)

class AuthRequestBuilder: AuthRequestBuilderProtocol {
  func requestFor(socketID: String, channel: PusherChannel) -> NSMutableURLRequest? {
    let request = NSMutableURLRequest(url: URL(string: "https://\(baseURLPrefix).xxxxxx.com/xxxxx/xxxxx")!)
    request.httpMethod = "POST"
    request.httpBody = "socket_id=\(socketID)&channel_name=\(channel.name)".data(using: String.Encoding.utf8)
    request.addValue(
      "Bearer " + authToken, forHTTPHeaderField: "Authorization"
    )
    return request
  }
}

On the backend (Laravel application):

// Controller

public function presence_auth(Request $request)
{
    $pusher = new Pusher(
        config('broadcasting.connections.pusher.key'),
        config('broadcasting.connections.pusher.secret'),
        config('broadcasting.connections.pusher.app_id')
    );

    return $pusher->presence_auth($request->input('channel_name'), $request->input('socket_id'), AuthUser()->id);
}

Would this error occur if they had passed up a bad Bearer token to our backend?

Upvotes: 0

Views: 1605

Answers (1)

jameshfisher

Reputation: 36387

You're using $pusher->presence_auth to create a signature for a private channel, i.e. a channel prefixed with private-. But presence_auth is intended to authenticate presence channels, i.e. channels prefixed with presence-.

If you wish to use presence data, you can use a presence- channel prefix. If you wish to use a private- channel without presence information, you can just use:

$pusher->socket_auth($request->input('channel_name'), $request->input('socket_id'))

Upvotes: 1
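
The following is an added example, not code from the question, the answer or the Pusher library. It rebuilds the string that Pusher's channel auth format signs (socket_id:channel_name, with :channel_data appended for presence channels) and checks the string quoted in an "Invalid signature" log line against the digest an auth endpoint returned. The key, secret, socket ID, channel names and all function names are constructed for illustration.

```php
<?php
// Added example: constructed sample key, secret, socket id and channel names.
// Function names are hypothetical. Requires PHP 8+ (str_starts_with).
const APP_KEY = 'sample-app-key';
const APP_SECRET = 'sample-app-secret';

// String to sign: "socket_id:channel_name", plus ":channel_data" for presence channels.
function stringToSign(string $socketId, string $channel, ?string $channelData = null): string
{
    return $channelData === null ? "$socketId:$channel" : "$socketId:$channel:$channelData";
}

function sign(string $stringToSign, string $secret): string
{
    return hash_hmac('sha256', $stringToSign, $secret);
}

// Build the auth payload an endpoint would return, choosing the format by channel prefix.
function authPayload(string $socketId, string $channel, int $userId): array
{
    if (str_starts_with($channel, 'presence-')) {
        $data = json_encode(['user_id' => $userId]);
        $digest = sign(stringToSign($socketId, $channel, $data), APP_SECRET);
        return ['auth' => APP_KEY . ':' . $digest, 'channel_data' => $data];
    }
    if (str_starts_with($channel, 'private-')) {
        return ['auth' => APP_KEY . ':' . sign(stringToSign($socketId, $channel), APP_SECRET)];
    }
    throw new InvalidArgumentException("Channel does not take an auth signature: $channel");
}

// Recompute the digest for the string quoted in an "Invalid signature" log line
// and compare it, in constant time, with the digest the endpoint returned.
function matchesLoggedString(string $loggedString, array $payload): bool
{
    [, $digest] = explode(':', $payload['auth'], 2);
    return hash_equals(sign($loggedString, APP_SECRET), $digest);
}

$socketId = '1234.5678';
$private = authPayload($socketId, 'private-sample', 42);
$presence = authPayload($socketId, 'presence-sample', 42);

var_dump(matchesLoggedString('1234.5678:private-sample', $private));
var_dump(matchesLoggedString('1234.5678:private-sample:{"user_id":42}', $private));
var_dump(matchesLoggedString('1234.5678:presence-sample:{"user_id":42}', $presence));
```

A digest only verifies against the exact string it was computed over, so a signature built in one format never matches a check performed in the other.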
