I'm coming from this issue and going through the documentation to provide the maintainer with information on why the package's implementation of Pusher is insecure and dangerous. Since I have never used Pusher myself, I felt that the documentation is very misleading on the authorization part and might partly have caused that issue to happen. I'm talking about these examples specifically.
All examples, except Laravel, check if the user is authenticated, not whether they are authorized, and then, in most cases, grant access to any channel that is part of the user input. Copying that as a beginner is dangerous, in my opinion. I had to read it twice to check whether I was wrong there. I suggest adding some kind of dummy code that compares user IDs, or a similar example scenario, to pick up in the documentation. What do you think?
Thanks!
We have tried to keep the code as simple as possible, and it is provided to help users get started with the product - code snippets that are copied and pasted from a website without being fully understood should never be put into production. However, we don't make it clear what exactly is happening and that there is an expectation for the developer to add some more checks to the code to evaluate the user and ensure they are authorized to subscribe to the channel.
I'll update the docs with a note that makes this clear.