VOOZH about

URL: https://deepwiki.com/hypervel/broadcasting/2.3-channel-types-and-authentication

⇱ Channel Types & Authentication | hypervel/broadcasting | DeepWiki

Loading...
Loading...
Menu

Channel Types & Authentication

This document describes the channel classification system and authentication mechanisms in the broadcasting package. It covers the four channel types (public, private, presence, and encrypted private), the HTTP endpoints for channel authorization, the authentication flow through the Broadcaster base class, and advanced features including implicit model binding and authentication guard support.

For information about how channels integrate with specific drivers, see 3. Broadcasting Drivers. For details on implementing custom authorization logic, see 6.1 Authentication & Authorization.

Overview

The broadcasting system implements a channel-based authentication model that controls access to real-time event streams. Channels are categorized by naming conventions that determine their authentication requirements. The system provides two HTTP endpoints for authentication: channel-level authorization and user-level authentication. The Broadcaster base class implements pattern matching, callback resolution, parameter extraction, and implicit model binding to execute authorization logic.

Sources: src/Broadcasters/Broadcaster.php1-304 src/BroadcastController.php1-32

Channel Types

The broadcasting system defines four channel types, distinguished by naming prefixes that control authentication behavior:

Channel TypePrefixAuthentication RequiredClassUse Case
Public(none)NoChannelOpen broadcasts, no access control
Privateprivate-YesPrivateChannelUser-specific or restricted content
Presencepresence-YesPresenceChannelReal-time user presence tracking
Encrypted Privateprivate-encrypted-YesEncryptedPrivateChannelEnd-to-end encrypted communications

Channel Type Hierarchy



Sources: src/Channel.php1-32 src/PrivateChannel.php1-20 src/PresenceChannel.php1-16 src/EncryptedPrivateChannel.php1-16


Public Channels


Public channels require no authentication. Any client can subscribe without providing credentials. The Channel class serves as the base for all channel types and represents public channels when instantiated directly.


Implementation: src/Channel.php10-32




Public channels accept either a string name or an object implementing HasBroadcastChannel.


Sources: src/Channel.php10-32


Private Channels


Private channels require authentication and are prefixed with private-. The PrivateChannel class automatically prepends this prefix to the provided channel name. Clients must present valid authorization signatures to subscribe.


Implementation: src/PrivateChannel.php9-20




Private channels also support model instances implementing HasBroadcastChannel for automatic channel name resolution.


Sources: src/PrivateChannel.php9-20


Presence Channels


Presence channels extend private channel functionality by tracking which users are subscribed. They are prefixed with presence- and require user authentication data beyond simple authorization. The PresenceChannel class prepends this prefix automatically.


Implementation: src/PresenceChannel.php8-16




When a client subscribes to a presence channel, the authentication response includes user information that other subscribers can see. This enables features like "who's online" indicators.


Sources: src/PresenceChannel.php8-16


Encrypted Private Channels


Encrypted private channels provide end-to-end encryption for sensitive data. They combine private channel authentication with encryption requirements and use the prefix private-encrypted-. The EncryptedPrivateChannel class manages this prefix.


Implementation: src/EncryptedPrivateChannel.php8-16




Not all broadcasting drivers support encrypted channels. Driver-specific implementations handle the encryption/decryption logic.


Sources: src/EncryptedPrivateChannel.php8-16




HTTP Authentication Endpoints


The broadcasting system exposes two HTTP endpoints for authentication, handled by BroadcastController:


Endpoint: /broadcasting/auth


Purpose: Authenticates client requests to subscribe to private, presence, or encrypted channels.


Handler: BroadcastController::authenticate()

Implementation: src/BroadcastController.php16-19




This endpoint receives the channel name and socket ID from the client, executes registered authorization callbacks, and returns driver-specific signatures or tokens.


Endpoint: /broadcasting/user-auth


Purpose: Authenticates the current user for presence channel functionality.


Handler: BroadcastController::authenticateUser()

Implementation: src/BroadcastController.php28-31




This endpoint resolves and returns authenticated user information required by presence channels to display subscriber data.


Sources: src/BroadcastController.php1-32




Authentication Flow


The following sequence diagram illustrates the complete authentication process from client request to authorization response:


Channel Authorization Sequence




Sources: src/BroadcastController.php16-19 src/Broadcasters/Broadcaster.php92-114


Authentication Components Mapping




Sources: src/Broadcasters/Broadcaster.php38-114 src/Broadcasters/Broadcaster.php243-286




Channel Authorization


Registering Channel Callbacks


Channel authorization logic is registered using the channel() method on the Broadcaster class. This method accepts a channel pattern, a callback for authorization logic, and optional configuration.


Method Signature: src/Broadcasters/Broadcaster.php72-85




Parameters:


    

  • $channel - Channel name pattern with optional parameter placeholders (e.g., "user.{id}")
    • 

  • $callback - Authorization callback (closure, callable, or class name)
    • 

  • $options - Configuration array (e.g., ['guards' => ['web', 'api']])
    • 



Storage: src/Broadcasters/Broadcaster.php38-42


    

  • Patterns and callbacks stored in static::$channels array
    • 

  • Options stored in static::$channelOptions array
    • 



Sources: src/Broadcasters/Broadcaster.php72-85


Authorization Execution


The verifyUserCanAccessChannel() method implements the authorization logic:


Implementation: src/Broadcasters/Broadcaster.php92-114


    

  1. Pattern Matching: Iterates through registered channel patterns using channelNameMatchesPattern() 283-286
    2. 

  2. Parameter Extraction: Calls extractAuthParameters() 119-128 to extract route parameters from channel name
    3. 

  3. Callback Normalization: Converts class-based handlers to callables via normalizeChannelHandlerToCallable() 233-238
    4. 

  4. User Retrieval: Calls retrieveUser() 243-262 to get authenticated user with guard support
    5. 

  5. Callback Execution: Invokes callback with user and extracted parameters
    6. 

  6. Result Handling:

      

    • false → throws AccessDeniedHttpException
      • 

    • Truthy value → calls validAuthenticationResponse() (driver-specific)
      • 

    • No match → throws AccessDeniedHttpException
      • 

    

    7. 



Sources: src/Broadcasters/Broadcaster.php92-114


Channel Pattern Matching


Channel patterns support parameter placeholders using curly brace syntax: {paramName}. The system converts these to regex patterns for matching.


Pattern Matching Logic: src/Broadcasters/Broadcaster.php283-286




Pattern Examples:


    

  • Pattern: "user.{id}" → Matches: "user.123", "user.456"
    • 

  • Pattern: "team.{team}.chat" → Matches: "team.5.chat"
    • 

  • Pattern: "order.{order}.status" → Matches: "order.abc123.status"
    • 



Parameter Extraction: src/Broadcasters/Broadcaster.php165-170




The extracted keys are named capture groups corresponding to placeholder names.


Sources: src/Broadcasters/Broadcaster.php165-170 src/Broadcasters/Broadcaster.php283-286




Implicit Model Binding


The authentication system supports implicit model binding, automatically resolving parameter placeholders to model instances.


Binding Resolution Process




Sources: src/Broadcasters/Broadcaster.php119-128 src/Broadcasters/Broadcaster.php189-215


Binding Requirements


For implicit binding to occur, the following conditions must be met:


    

  1. Parameter Name Match: The callback parameter name must match the placeholder name
    2. 

  2. Type Requirement: The parameter type-hint must implement UrlRoutable
    3. 

  3. Model Resolution: The model's resolveRouteBinding() method must return an instance
    4. 



Implementation: src/Broadcasters/Broadcaster.php211-215




Resolution Logic: src/Broadcasters/Broadcaster.php189-206




If model resolution fails (returns null), an AccessDeniedHttpException is thrown, denying channel access.


Sources: src/Broadcasters/Broadcaster.php189-215




Authentication Guards


The authorization system supports multiple authentication guards, allowing channel-specific authentication sources.


Guard Configuration


Guards are specified in the $options array when registering channels:




Multiple guards can be provided as an array. The system attempts authentication with each guard in order until a user is found.


User Retrieval with Guards


Implementation: src/Broadcasters/Broadcaster.php243-262




Guard Resolution Process:


    

  1. Retrieve channel options using retrieveChannelOptions() 267-278
    2. 

  2. Extract guards array from options
    3. 

  3. If no guards specified, use default guard
    4. 

  4. Iterate through guards, attempting authentication
    5. 

  5. Return first authenticated user
    6. 

  6. Return null if no authentication succeeds
    7. 



Sources: src/Broadcasters/Broadcaster.php243-262


Channel Options Retrieval


Implementation: src/Broadcasters/Broadcaster.php267-278




Options are matched using the same pattern matching logic as channel callbacks.


Sources: src/Broadcasters/Broadcaster.php267-278




User Authentication for Presence


Presence channels require user-level authentication beyond channel authorization. This provides user metadata visible to other channel subscribers.


User Authentication Callback


Broadcasters can register a custom callback for resolving authenticated user data:


Method: src/Broadcasters/Broadcaster.php64-67




Resolution: src/Broadcasters/Broadcaster.php50-57




The callback receives the HTTP request and should return an array with user information (typically id and name fields) or null if no user is authenticated.


HTTP Endpoint: The /broadcasting/user-auth endpoint src/BroadcastController.php28-31 calls this resolution method and throws AccessDeniedHttpException if no user data is returned.


Sources: src/Broadcasters/Broadcaster.php50-67 src/BroadcastController.php28-31




Summary


The channel authentication system provides a flexible, pattern-based authorization framework supporting four channel types with distinct security characteristics. The Broadcaster base class implements HTTP endpoint handlers, pattern matching, parameter extraction, implicit model binding, and multi-guard authentication. Channel authorization is defined through registered callbacks that receive authenticated users and extracted parameters, enabling fine-grained access control with automatic type conversion for routable models.


Key Files: