Activities Feed Client - Should support invoke/invalidate user token #462
Comments
Agent comment from Zachery Converse in Zendesk ticket #13574: Thanks for reaching out to Stream! I'll look into this and get back to you. Feel free to let us know if you have any additional information or questions. Cheers,
Agent comment from Zachery Converse in Zendesk ticket #13574: Tokens are unique to each user and not used to control permissions. Permissions are defined at a Feed Group level. These docs are quite good at explaining these premises. It is possible to add expiration logic to a token: This article is also quite useful: Feel free to let me know if you have any questions. Cheers,
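The expiration approach mentioned in the comment above, sketched as an added example that is not part of the thread and not Stream's own code: a short-lived HS256 JWT minted server-side and a stand-in verifier that enforces `exp`. The `feed_groups` claim, the secret, the function names and the clock values are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # constructed value; the real API secret never leaves the server

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input):
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def mint_token(user_id, feed_groups, ttl_seconds, now=None):
    """Issue an HS256 JWT whose scope and lifetime are fixed at signing time."""
    now = int(time.time()) if now is None else now
    # "feed_groups" is a hypothetical scope claim; "exp" is the registered RFC 7519 claim.
    claims = {"user_id": user_id, "feed_groups": feed_groups, "exp": now + ttl_seconds}
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    signing_input = head + "." + _b64(json.dumps(claims).encode())
    return signing_input + "." + _b64(_sign(signing_input))

def check_access(token, feed_group, now=None):
    """Stand-in for the API-side check: signature first, then expiry, then scope."""
    now = int(time.time()) if now is None else now
    try:
        head, body, sig = token.split(".")
        if not hmac.compare_digest(_sign(head + "." + body), _unb64(sig)):
            return "rejected: bad signature"
        claims = json.loads(_unb64(body))
        exp, groups = claims["exp"], claims["feed_groups"]
    except (ValueError, KeyError, TypeError, AttributeError):
        return "rejected: malformed"
    if not isinstance(exp, int) or now >= exp:
        return "rejected: expired"  # a token without a usable exp is never accepted
    if not isinstance(groups, list) or feed_group not in groups:
        return "rejected: out of scope"
    return "allowed"

def demo():
    t0 = 1_700_000_000  # constructed clock value so the result is deterministic
    old = mint_token("user-1", ["GROUP_1", "GROUP_2"], ttl_seconds=300, now=t0)
    new = mint_token("user-1", ["GROUP_1"], ttl_seconds=300, now=t0 + 60)
    return {
        "old token, GROUP_2, before exp": check_access(old, "GROUP_2", now=t0 + 120),
        "new token, GROUP_2": check_access(new, "GROUP_2", now=t0 + 120),
        "old token, GROUP_2, after exp": check_access(old, "GROUP_2", now=t0 + 300),
        "new token, GROUP_1": check_access(new, "GROUP_1", now=t0 + 300),
    }
```

The first entry returned by `demo()` is the point to notice: issuing the narrower token does nothing to the old one, which keeps working for GROUP_2 until its `exp` passes. With expiry alone, the TTL is the longest a superseded token stays usable.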
Thanks so much for your answer.
I understand that if we add permission scopes to the JWT token's payload, we can control user permissions if the client uses the tokens to call the Stream API directly.
Looking forward to your reply. Thank you so so much.
One more problem, if I use permission scope as above.
Hi there.
I'm facing a problem: I want to invoke a user token to make it unable to call the Stream API from clients.
I searched your documents and see that the Chat Client has an invokeUserToken function but the Activities Feed Client doesn't.
My context is:
First, I generate a user token on the server side and make it able to READ 2 feed groups: GROUP_1 and GROUP_2. Then I send the token to the client to let the client connect to the Stream API directly.
Then I generate a new token and make it able to feed only one group, group 1. So I need to generate a new token, then send it to the client one more time. As for the old token, I want to force it to expire or block it in some way so that the user cannot use the old token to access group 2.
Please tell me how I can implement this logic?
Thanks for super great thing.
gz#13574