So far, we have been allowing any user of our application to connect to the socket, even if they weren't authenticated. In this case, since :user_id is nil, they were all connecting to the users: topic. We must update our application, so that only logged-in users can connect to the socket and join a channel. Whereas in the previous sections we implemented session-based authentication, this time we'll implement token-based authentication. This means that we'll assign a token for each authenticated user, and then validate that token when the user wants to connect to the socket.
When we explored the code in apps/elixir_drip_web/assets/js/socket.js, we saw that we're already passing the token to the server, using ...