Skip to content
/ auth0-pusher Public

A simple demo of Single Page Application with Auth0 & Pusher

License

MIT license
10 stars 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

auth0/auth0-pusher

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
public
public
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
app.js
app.js
 
 
package.json
package.json
 
 

Repository files navigation

A simple example using Pusher & Auth0

This is a single page application (SPA) that will authenticate users using any of Auth0 supported identity providers and then upon successful authentication will subscribe to a private events channel.

How it works?

The sample uses the Pusher JS API to subscribe to a private channel and then binds to new-message events.

var pusher = new Pusher('3dc9278e1b763c7e1eeb', { authTransport: 'ajax'});
var privateChannel = pusher.subscribe('private-channel-123');

privateChannel.bind('pusher:subscription_error', function(status){
    alert(status);
});

privateChannel.bind('new-message', function(data) {
    alert(data);
});

At the same time, we are overriding the authorize function of PrivateChannel so authentication happens through Auth0:

Pusher.PrivateChannel.prototype.authorize = function (socketId, callback) {
    
    widget.signin({ popup: true, extraParameters: { 
        socket_id: socketId,
        channel: 'private-channel-123'
    },
        access_type: 'offline'
    }, null, function(err, profile, token) {
        if (err) {
            console.log("There was an error");
            return alert("There was an error logging in");
        } 
        $('.login-box').hide();
        $('.logged-in-box').show();
        $('.avatar').attr('src', profile.picture);
        $('.welcome').text('Welcome ' + profile.name);
        $('.nickname').text(profile.nickname);
        callback(false, {
            auth: profile.pusherAuth
        });
    });

};

The Pusher authentication token is computed in an Auth0 Rule for the app and returned in the pusherAuth property of the user profile.

Notice that the Login Widget receives two extra parameters: socket_id and channel. These are used to compute the token following Pusher documentation.

Both are availabe in the context.request.query object in the rule:

function (user, context, callback) {
  
  var pusherKey='YOUR PUSHER KEY';
  var pusherSecret = '{YOUR PUSHER SECRET}';
  console.log(context.request.query.socket_id);
  
  if( context.request.query.channel && context.request.query.socket_id)
  {
    user.pusherAuth = pusherKey + ":" + sign(pusherSecret, context.request.query.channel, context.request.query.socket_id);
  }
  
  callback(null, user, context);
  
  function sign(secret, channel, socket_id)
  {
    var string_to_sign = socket_id+":"+channel;
    console.log(string_to_sign);
    var sha = crypto.createHmac('sha256',secret);
    return sha.update(string_to_sign).digest('hex');
  }
}

The sample is not considering any error conditions.

Issue Reporting

If you have found a bug or if you have a feature request, please report them at this repository issues section. Please do not report security vulnerabilities on the public GitHub issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.

Author

Auth0

License

This project is licensed under the MIT license. See the LICENSE file for more info.

About

A simple demo of Single Page Application with Auth0 & Pusher

Resources

Readme

License

MIT license

Security policy

Security policy
Activity
Custom properties

Stars

10 stars

Watchers

114 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages