IN THIS ARTICLE
We’ve now built out a pretty solid private chat application with chat alert popups and the ability to spawn an infinite amount of private channels for private chat. However, you might have noticed that our channels are pretty predictable. It’s not real private chat unless the rooms only allow appropriate members in.
In this tutorial, we’re going to change that, and we’ll add a layer of security to our private channels with permission-based authentication for private channels with our private chat API. To achieve this, we’ll be using PubNub Access Manager (PAM), which gives you access control over users, devices, channels, and keys. You’ll be able to restrict who gets access to read or write to specific channels.
We’ve now covered both building a multiplayer game lobby with a chatroom and the different ways we can use matchmaking to connect two different users. Here’s what we’ve covered so far:
- Part One: Series Overview and Building a Multiplayer Game Lobby
- Part Two: Adding Users and Usernames
- Part Three: Getting a List of Online Users
- Part Four: Random Matchmaking of Users
- Part Five: Skill-based Matchmaking of Users
- Part Six: Matchmaking Algorithm: Enabling Users to Challenge Other Players
- Part Seven: Create Chatrooms and Multiple Channels On Demand Tutorial
- Part Eight: Preparing for Private Chatrooms and Refactoring via Private Channels
- Part Nine: Creating Private Chat Requests with Popup Alerts
Setting Up PAM with Our Private Chat API
In order to grant permissions to our users, we’ll first need a secret key. The
demo publish and subscribe keys don’t support access to PAM.
Publish and Subscribe Keys
Enter your publish and subscribe keys from the PubNub console into the spots where
demo currently are.
Not just anybody is allowed to grant permissions. To do that, you need a
secret_key. You supply this in the same object as your publish and subscribe keys.
When PAM is turned on, all channels are automatically set to have completely restricted read and write; meaning everything is locked down until you grant permissions out.
You can turn PAM on in the PubNub console. While you’re there, you should enable Presence too so our previous demos will continue to work.
Now we know who is allowed to authorize other users, we need a way to identify who is allowed in what channel. For this we
auth_keygives us the ability to filter based on session, permissions levels, etc.
Now we’re all set up to grant people access to channels. All we need to do now is call
Let’s break it down.
There is the
channel: we want to grant access to. We use
channel + ',' + channel + '-pnpres', because using a comma lets us grant the same access to two channels at once.
auth_key is the same as earlier. This is who we want to grant access to.
read: true let us subscribe, and
write: true let us publish.
ttl: setting is a time for the grant to expire and it is set to
0 so it lasts forever.
There is also
callback but if you don’t know what thats for by now you should go back to tutorial #1!
Grant Before Subscribe
We’re going to wrap our
pubnub.subscribe call in a grant call so we have sufficient permissions before we try to connect.
Because we’re using PubNub presence, we also need to grant ourselves access to the
channel + '-pnpres' channel.
We’ll grant ourselves permissions in
channel, wait for the callback, grant ourselves permission in
chanel + '-pnpres', wait for the callback, and then finally subscribe.
Now when we run the code, we should connect without errors. This will grant everybody access to the channel and presence channel when they load the page.
If you experience errors, check your
channel_name, and make sure PAM is enabled.
Make Private Channels Private
Now we’re going to do the same exact thing for the private user to user channel. When a user opens the modal, they’ll give themselves access to the private chat channel. No other users will have access to that channel besides the two users who start chatting.
Full Private Chat API Demo
How could this possibly be secure if everyone can grant access to themselves? It isn’t. In the next tutorial, we’ll move the PAM permissions “server side” in a simulated NodeJS environment. We’ll actually be using another client CodePen client.