Crossbar is fantastic - thank you for building it!
I’ve been battling through for a good week now hacking around to make it work in the way i need it to, after a succession of problems experimenting with Ratchet (only supports WAMP v1) and Thruway (only supports Symfony 4).
I have a backend written in Laravel 7 (PHP7), with JS clients using Autobahn to connect over SSL (wss://) and automatically negotiate the WAMP v2 protocol (Cloudflare > Nginx proxy on port 443 > Crossbar server on 127.0.0.1:7000). User auth is stored in Mongo. I’ve written a custom broadcast driver which pushes topic updates from PHP via the HTTP bridge (POSTing as a publisher). The clients successfully receive the data the backend publishes to them, which is fantastic.
For 90% of the app, we can use REST. But for the “real-time” part (e.g sending commands to devices), we need to be able to somewhat duplicate the same functionality over the socket to get the response immediately.
I have 2 things which i need to complete the project which i’m bashing my head against the wall on. I can’t use Thruway for it because the package isn’t compatible with Laravel 7.
Dynamic authentication: I’d like to be able to send a JWT token (week-long TTL) as ticket auth and for it to be verified by the backend when connecting. The clients themselves could be within the integrated app (HTML etc), or outside. They already have JWT auth elsewhere, so i’d like to re-use it once the client has it. Assuming they have a valid JWT token, what’s the best practice for sending to the Laravel backend to check its validity? CRA? Ticket?
Proxying RPC calls: i have 30+ named remote procedures in the Laravel backend which socket clients need to be able to call - NOT as REST (which they can do already via the API), but WAMP --> Crossbar --> HTTP REST/JSON on the remote server as an authenticated caller. The HTTP “callee” part seems to fit the part, but the examples aren’t clear on how to define a POST endpoint (webhook) where you can specify different procedures. Also - a) what should the remote host return as its JSON payload for the JS client to consider it success or failure? b) i can’t leave the RPC endpoint open if the caller is remote, so can Crossbar use basic auth when making its HTTP call, or add a pass-through of the JWT token in the Authorization header?
Thanks in advance!