Private channels¶
Authentication¶
To use private channels add this in you main url file:
from instant.views import instant_auth
urlpatterns = [
# ...
url(r'^centrifuge/auth/$', instant_auth, name='instant-auth'),
]
All the channels prefixed with a dollar sign $ are considered private.
from instant.producers import publish
publish(message='Private event', channel="$private_chan")
Security¶
All the messages sent to the Centrifugo server are signed using the secret key.
When a client requests a connection to a private channels Centrifugo sends an ajax
request to /centrifuge/auth/
and expects to receive a signed response
that will indicate if the user is authorized or not.
More info here about Centrifugo’s auth mechanism.