Add Authorization to Channels
Socket authentication is not always enough to fully secure our applications. For example, we could have a Socket that stores the authenticated user ID in Socket state and allows a connection to occur. When a client attempts to join "user:1" Channel, but they are user ID 2, we should reject the Channel join request. The client should only have access to topics that are relevant to them. We can do that with Channel authorization.
When a client joins a Channel, the Channel’s join/3 function is invoked. You can add authorization to your Channel by making this function check for a valid token. There are two options for how to add Channel authorization:
Parameter based—Parameters can optionally be sent when a Channel ...