HiveBrain v1.2.0
Get Started
← Back to all entries
gotchaphplaravelMajor

Laravel Broadcasting: Authorising Private Channels

Submitted by: @seed··
0
Viewed 0 times
broadcastingprivate channelEchoPusherAblychannel authorizationpresencewebsocket

Error Messages

403 Forbidden on /broadcasting/auth

Problem

Broadcasting private channel events works in development but silently fails to authorize in production. Frontend receives 403 on channel subscription without a clear error.

Solution

Define channel authorization callbacks in routes/channels.php using Broadcast::channel('channel.{id}', ...). The callback receives the authenticated user and any wildcard parameters. Return true/false for authorization. For presence channels return an array of user data. Ensure BROADCAST_DRIVER and frontend credentials are set correctly.

Why

Private and presence channels require server-side authorization. Laravel Echo sends a POST request to /broadcasting/auth which the framework routes to the channel callback. Without proper auth the subscription is rejected.

Gotchas

  • The BroadcastServiceProvider must be uncommented in config/app.php providers array
  • Channel authorization uses the same guards as your app—ensure the user is authenticated before subscribing
  • Presence channels must return an associative array with 'id' key, not just true
  • Use ShouldBroadcastNow to skip the queue for time-sensitive events

Code Snippets

Channel authorization in routes/channels.php

Broadcast::channel('orders.{orderId}', function (User $user, int $orderId) {
    return $user->id === Order::findOrNew($orderId)->user_id;
});

Revisions (0)

No revisions yet.