The Azure.Messaging.WebPubSub.Clients SDK allows us to create an Azure PubSub service client like this:
var serviceClient = new WebPubSubServiceClient(<connectionstring>, "hubName");
Using this client we can generate temporary tokens with with which to open up a websocket client, like this:
var url = client.GetClientAccessUri(roles: new string[]
{ $"webpubsub.sendToGroup.mygroup", $"webpubsub.joinLeaveGroup.mygroup" }).AbsoluteUri;
var wsClient = new WebPubSubClient(new Uri(url));
The above code has initialised a websocket client that has the permission to join the "mygroup" group, and also to send to that group. The below for example would work
wsClient.GroupMessageReceived += eventArgs =>
{
Console.WriteLine($"Receive group message from {eventArgs.Message.Group}: {eventArgs.Message.Data}");
return Task.CompletedTask;
};
await wsClient.StartAsync();
await wsClient.JoinGroupAsync("mygroup");
What I am looking for is a way to do grant permission to all groups in the hub. I have not been able to find any documentation on this, but since "sendToAll" is a well-defined concept in Azure PubSub I would be surprised if this didn't exist.
The following does not work:
var url = client.GetClientAccessUri(roles: new string[]
{ $"webpubsub.sendToGroup.*", $"webpubsub.joinLeaveGroup.*" }).AbsoluteUri;
Nethier does this:
var url = client.GetClientAccessUri(roles: new string[]
{ $"webpubsub.sendToAll", $"webpubsub.joinLeaveAll" }).AbsoluteUri;
Is there a way to achieve this?
I stumbled across the answer while looking for something else this morning, here:
https://learn.microsoft.com/en-us/azure/azure-web-pubsub/concept-service-internals#authentication-workflow
The below will allow joining any group and sending to all groups: