Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

RTN15h: token errors, when the library can renew, result in DISCONNEC… #439

Closed
wants to merge 45 commits into from
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
45 commits
Select commit Hold shift + click to select a range
b1c09bf
spec: Reject invalid authCallback / authUrl content
mattheworiordan Nov 24, 2016
1acf1e4
spec: authCallback can take a JSON-like object
mattheworiordan Nov 25, 2016
55642a2
spec: Consistent spec reference formatting
mattheworiordan Nov 25, 2016
47606aa
api: Add details on authUrl / authCallback payload restrictions
mattheworiordan Nov 25, 2016
92bd442
spec: Prefer JSON-encodeable
mattheworiordan Nov 25, 2016
593d983
spec: Describe how TokenDetails are detected
mattheworiordan Nov 25, 2016
2f99cda
Be explicit about failure conditions vs result in realtime vs rest libs
SimonWoolf Dec 13, 2016
0805df1
EventEmitter emit spec update (#240)
mattheworiordan Jan 2, 2017
8cc09fd
Allow clientoptions.token to be a string, tokendetails, or tokenrequest
SimonWoolf Nov 24, 2016
c571644
Add spec item for transportParams overriding default params
SimonWoolf Aug 28, 2017
9f3bc39
Clarify RSA10e (Auth#authorize requesting tokens)
SimonWoolf Nov 1, 2016
f20b888
spec: Send exceptions to ably error reporting service
mattheworiordan May 2, 2017
e1ba837
spec: Href and source for ErrorInfo
mattheworiordan May 2, 2017
1af4d39
spec: Address feedback
mattheworiordan May 2, 2017
52e8947
spec: New ErrorInfo attributes are optional
mattheworiordan May 2, 2017
dce7bb8
spec: Replace source with cause
mattheworiordan May 2, 2017
584eaad
Clarify spec on client auth failures
SimonWoolf Nov 16, 2017
7ed0beb
Support for the Sentry exception reporting service is optional in 1.1
paddybyers Mar 28, 2018
7eed9c0
Include extras in PresenceMessage and associated API
paddybyers Mar 28, 2018
ea5fa51
Clarify definition of JSON-encodable
paddybyers Mar 28, 2018
f679b18
Add explicit requirement for robustness principle for forwards compat…
paddybyers Mar 28, 2018
7248dac
Add spec for PushChannel.
tcard Nov 1, 2017
7dfb958
Minor fixes, clarifications and omissions in push spec.
tcard Nov 1, 2017
4e581db
Fixes some iOS Swift docs (handles renames)
mezis Dec 1, 2017
45184af
Add some comments on device authentication for push operations (draft)
paddybyers Mar 14, 2018
701ca1c
Updates to reflect changes in device authentication for push
paddybyers Mar 14, 2018
4eda374
Change RHS to RSH
funkyboy Mar 23, 2018
13fcdb8
Relabel push channels section with RSH7
funkyboy Mar 23, 2018
567a1ee
Reorder sections by label
funkyboy Mar 23, 2018
46e780a
Correct description of device id generation
paddybyers Mar 28, 2018
d585dd0
Minor spec corrections
paddybyers Mar 29, 2018
e9cdc95
Merge pull request #409 from ably/spec-presence-extras
paddybyers Mar 29, 2018
459bfd0
Minor spec corrections
paddybyers Mar 29, 2018
032fa07
Merge pull request #411 from ably/spec-extensible-decoding
paddybyers Mar 29, 2018
3975f69
Merge pull request #410 from ably/spec-clarify-json-encodable
paddybyers Mar 29, 2018
6d83887
Merge pull request #408 from ably/spec-sentry-optional
paddybyers Mar 29, 2018
1a73585
Merge pull request #399 from ably/integration-push
paddybyers Mar 29, 2018
206e801
Add requirements for JWT support
paddybyers Apr 25, 2018
74cc4c5
Minor corrections following feedback
paddybyers Apr 26, 2018
7e97612
Add missing URL for JWT
funkyboy May 28, 2018
a5abc73
Add 40106 error code for no credentials; clarify possibly authURL res…
paddybyers Jun 2, 2018
30d6207
Merge pull request #420 from ably/add-jwt
paddybyers Jun 3, 2018
6c021da
RSC3d -> RSA3d
funkyboy Jun 4, 2018
ccc022f
Merge pull request #438 from ably/fix-RSC3d-ref
funkyboy Jun 4, 2018
49a57c0
RTN15h: token errors, when the library can renew, result in DISCONNEC…
paddybyers Jun 5, 2018
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
253 changes: 165 additions & 88 deletions content/client-lib-development-guide/features.textile

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion content/realtime/connection.textile
Original file line number Diff line number Diff line change
Expand Up @@ -77,7 +77,7 @@ bc[objc]. ARTRealtime *ably = [[ARTRealtime alloc] initWithKey:@"{{API_KEY}}"];
}];

bc[swift]. let realtime = ARTRealtime(key: "{{API_KEY}}")
realtime.connection.on(.Connected) { change in
realtime.connection.on(.connected) { change in
print("Connected, that was easy")
}

Expand Down
2 changes: 1 addition & 1 deletion content/realtime/push/activate-subscribe.textile
Original file line number Diff line number Diff line change
Expand Up @@ -109,7 +109,7 @@ You should now have a couple of methods: <span lang="swift">"@application(_:didR
```[swift]
// In your UIApplicationDelegate class:
func application(_ application: UIApplication, didRegisterForRemoteNotificationsWithDeviceToken deviceToken: Data) {
ARTPush.didRegisterForRemoteNotificationsWithDeviceToken(deviceToken, realtime: self.getAblyRealtime())
ARTPush.didRegisterForRemoteNotifications(withDeviceToken: deviceToken, realtime: self.getAblyRealtime())
}

func application(_ application: UIApplication, didFailToRegisterForRemoteNotificationsWithError error: Error) {
Expand Down
42 changes: 29 additions & 13 deletions content/realtime/push/admin.textile
Original file line number Diff line number Diff line change
Expand Up @@ -41,14 +41,30 @@ result.errback do |err|
end
```

p(tip). The push notification service is currently in beta. Before you get started, please take a look at the "push service beta notice":/realtime/push#beta.

The push admin API offers three key features:

* "@publish@":#publish for "direct publishing to devices and groups of identified devices":/realtime/push/publish#direct-publishing
* "@deviceRegistrations@":#device-registrations for registering, updating, listing and deregistering push devices
* "@channelSubscriptions@":#channel-subscriptions for subscribing, listing and unsubscribing individual devices or groups of identified devices to push notifications published on channels

h3. Push admin access control and device authentication

Operations using the push admin API, as with all other REST APIs, require specific permissions to be present in the credentials presented by a client. The push admin API has two modes of authorization:

* access using the @push-admin@ permission. A client whose credentials contain the @push-admin@ permission has full access to the push admin API, and can manage registrations and subscriptions for all devices;

* access using the @push-subscribe@ permission. A client with @push-subscribe@ is a push target device, and it can manage its registration and any subscription for itself; it is not able to manage push registrations or channel subscriptions for any other device. The credentials presented, as well as containing the @push-subscribe@ permission, must also authenticate the device itself.

Every push target device has a @deviceId@ and also has device credentials, which are used as the basis for device authentication. When using the push admin API, a device can authenticate itself in two ways:

* by using an Ably token that contains its @deviceId@;

* by using a normal Ably key or token but additionally including a @deviceToken@ - a credential created at registration time that is used to assert the device identity - in a header in the request.

Management of device credentials is performed by the client library, so unless the push admin API is being accessed directly using HTTP, the client application does not need to worry about managing device credentials.

p(tip). The push notification service is currently in beta. Before you get started, please take a look at the "push service beta notice":/realtime/push#beta.

h1. API reference

inline-toc.
Expand Down Expand Up @@ -149,7 +165,7 @@ bq(definition#device-get-device).
default: get("DeviceDetails":#device-details device, callback("ErrorInfo":/realtime/types#error-info err, "DeviceDetails":#device-details device))
ruby: "Deferrable":/realtime/types#deferrable get("DeviceDetails":#device-details device) -> yields "DeviceDetails":#device-details

Obtain the @DeviceDetails@ for a device registered for receiving push registrations matching the @deviceId@ argument, or the @id@ attribute of the provided @DeviceDetails@ object.
Obtain the @DeviceDetails@ for a device registered for receiving push registrations matching the @deviceId@ argument, or the @id@ attribute of the provided @DeviceDetails@ object. Requires @push-admin@ permission or @push-subscribe@ permission together with device authentication matching the requested @deviceId@.

h4. Parameters

Expand Down Expand Up @@ -182,7 +198,7 @@ bq(definition).
default: list(Object params, callback("ErrorInfo":/realtime/types#error-info err, "PaginatedResult":#paginated-result<"DeviceDetails":#device-details device> resultPage))
ruby: "Deferrable":/realtime/types#deferrable list(Hash params) -> yields "PaginatedResult":#paginated-result<"DeviceDetails":#device-details>

Retrieve all devices matching the params filter as a paginated list of "@DeviceDetails@":#device-details objects.
Retrieve all devices matching the params filter as a paginated list of "@DeviceDetails@":#device-details objects. Requires @push-admin@ permission.

h4. Parameters

Expand Down Expand Up @@ -221,7 +237,7 @@ bq(definition).
default: save("DeviceDetails":#device-details device, callback("ErrorInfo":/realtime/types#error-info err, "DeviceDetails":#device-details device))
ruby: "Deferrable":/realtime/types#deferrable save("DeviceDetails":#device-details device) -> yields "DeviceDetails":#device-details

Register a new @DeviceDetails@ object, or update an existing @DeviceDetails@ object with the Ably service.
Register a new @DeviceDetails@ object, or update an existing @DeviceDetails@ object with the Ably service. Requires @push-admin@ permission or @push-subscribe@ permission together with device authentication matching the requested @deviceId@.

h4. Parameters

Expand Down Expand Up @@ -257,7 +273,7 @@ bq(definition#device-remove-device).
default: remove("DeviceDetails":#device-details device, callback("ErrorInfo":/realtime/types#error-info err))
ruby: "Deferrable":/realtime/types#deferrable remove("DeviceDetails":#device-details device) -> yield

Remove a device registered for receiving push registrations that matches the @deviceId@ argument, or the @id@ attribute of the provided @DeviceDetails@ object.
Remove a device registered for receiving push registrations that matches the @deviceId@ argument, or the @id@ attribute of the provided @DeviceDetails@ object. Requires @push-admin@ permission or @push-subscribe@ permission together with device authentication matching the requested @deviceId@.

h4. Parameters

Expand Down Expand Up @@ -291,7 +307,7 @@ bq(definition).
default: removeWhere(Object params, callback("ErrorInfo":/realtime/types#error-info err))
ruby: "Deferrable":/realtime/types#deferrable remove_where(Hash params) -> yield

Delete all devices matching the params filter.
Delete all devices matching the params filter. Requires @push-admin@ permission.

h4. Parameters

Expand Down Expand Up @@ -335,7 +351,7 @@ bq(definition).
default: get("PushChannelSubscription":#push-channel-subscription channelSubscription, callback("ErrorInfo":/realtime/types#error-info err, "PushChannelSubscription":#push-channel-subscription channelSubscription))
ruby: "Deferrable":/realtime/types#deferrable get("PushChannelSubscription":#push-channel-subscription channel_subscription) -> yields "PushChannelSubscription":#push-channel-subscription

Retrieve the push channel subscription that matches the provided "@PushChannelSubscription@":#push-channel-subscription argument. Each "@PushChannelSubscription@":#push-channel-subscription represents a device or set of devices sharing the same "client identifier":/general/authentication#identified-clients registered to a channel to receive push notifications.
Retrieve the push channel subscription that matches the provided "@PushChannelSubscription@":#push-channel-subscription argument. Each "@PushChannelSubscription@":#push-channel-subscription represents a device or set of devices sharing the same "client identifier":/general/authentication#identified-clients registered to a channel to receive push notifications. Requires @push-admin@ permission.

h4. Parameters

Expand Down Expand Up @@ -367,7 +383,7 @@ bq(definition).
default: list(Object params, callback("ErrorInfo":/realtime/types#error-info err, "PaginatedResult":#paginated-result<"PushChannelSubscription":#push-channel-subscription> resultPage))
ruby: "Deferrable":/realtime/types#deferrable list(Hash params) -> yields "PaginatedResult":#paginated-result<"PushChannelSubscription":#push-channel-subscription>

Retrieve all push channel subscriptions that match the provided params filter as a paginated list of "@PushChannelSubscription@":#push-channel-subscription objects. Each "@PushChannelSubscription@":#push-channel-subscription represents a device or set of devices sharing the same "client identifier":/general/authentication#identified-clients registered to a channel to receive push notifications.
Retrieve all push channel subscriptions that match the provided params filter as a paginated list of "@PushChannelSubscription@":#push-channel-subscription objects. Each "@PushChannelSubscription@":#push-channel-subscription represents a device or set of devices sharing the same "client identifier":/general/authentication#identified-clients registered to a channel to receive push notifications. Requires @push-admin@ permission.

h4. Parameters

Expand Down Expand Up @@ -408,7 +424,7 @@ bq(definition).
default: listChannels(Object params, callback("ErrorInfo":/realtime/types#error-info err, "PaginatedResult":#paginated-result<String> resultPage))
ruby: "Deferrable":/realtime/types#deferrable list_channels(Hash params) -> yields "PaginatedResult":#paginated-result<String>

Retrieve a list of channels with at least one subscribed device as a paginated list of channel name @String@ objects.
Retrieve a list of channels with at least one subscribed device as a paginated list of channel name @String@ objects. Requires @push-admin@ permission.

h4. Parameters

Expand Down Expand Up @@ -445,7 +461,7 @@ bq(definition).
default: save("PushChannelSubscription":#push-channel-subscription channelSubscription, callback("ErrorInfo":/realtime/types#error-info err, "PushChannelSubscription":#push-channel-subscription channelSubscription))
ruby: "Deferrable":/realtime/types#deferrable save("PushChannelSubscription":#push-channel-subscription channel_subscription) -> yields "PushChannelSubscription":#push-channel-subscription

Subscribe a device or group of devices sharing a "client identifier":/general/authentication#identified-clients for push notifications published on a channel.
Subscribe a device or group of devices sharing a "client identifier":/general/authentication#identified-clients for push notifications published on a channel. Requires @push-admin@ permission or, in the case of a subscription associated with a given @deviceId@, @push-subscribe@ permission together with device authentication matching that @deviceId@.

h4. Parameters

Expand Down Expand Up @@ -477,7 +493,7 @@ bq(definition).
default: remove("PushChannelSubscription":#push-channel-subscription channelSubscription, callback("ErrorInfo":/realtime/types#error-info err))
ruby: "Deferrable":/realtime/types#deferrable remove("PushChannelSubscription":#push-channel-subscription channel_subscription) -> yield

Subscribe a device or group of devices sharing a "client identifier":/general/authentication#identified-clients for push notifications on a channel.
Subscribe a device or group of devices sharing a "client identifier":/general/authentication#identified-clients for push notifications on a channel. Requires @push-admin@ permission or, in the case of a subscription associated with a given @deviceId@, @push-subscribe@ permission together with device authentication matching that @deviceId@.

h4. Parameters

Expand Down Expand Up @@ -510,7 +526,7 @@ bq(definition).
default: removeWhere(Object params, callback("ErrorInfo":/realtime/types#error-info err))
ruby: "Deferrable":/realtime/types#deferrable remove_where(Hash params) -> yield

Delete all push channel subscriptions matching the params filter.
Delete all push channel subscriptions matching the params filter. Requires @push-admin@ permission.

h4. Parameters

Expand Down
8 changes: 4 additions & 4 deletions content/rest-api/index.textile
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ jump_to:
- reset a device's update token#reset-update-token
- unregister device#delete-device-registration
- unregister devices#delete-device-registrations
- subscribe to a channel#put-channel-subscription
- subscribe to a channel#post-channel-subscription
- unsubscribe from channels#delete-channel-subscription
- list channel subscriptions#list-channel-subscriptions
- list channels#list-channels
Expand Down Expand Up @@ -359,7 +359,7 @@ Messages can include an optional @extras@ field, used by extensions to Ably's co

h6(#message-extras-push). Send push notification

You can send a push notification to devices "subscribed to the channel":#put-channel-subscription the message is sent to by setting the @push@ field in the @extras@ object, like this:
You can send a push notification to devices "subscribed to the channel":#post-channel-subscription the message is sent to by setting the @push@ field in the @extras@ object, like this:

bc[json]. {
<... message fields ...>
Expand Down Expand Up @@ -866,7 +866,7 @@ A successful request returns an empty response.

An unsuccessful request returns an error.

h3(#put-channel-subscription). Subscribe to a channel
h3(#post-channel-subscription). Subscribe to a channel

Subscribe either a single device or all devices associated with a client ID to receive push notifications from messages sent to a channel.

Expand Down Expand Up @@ -999,7 +999,7 @@ h3(#push-publish). Publish a push notification to a single device

Convenience endpoint to deliver a push notification payload to a single device or set of devices identified by their "client identifier":/general/authentication#identified-clients.

If you want to send a push notification to multiple devices or use a more flexible publish-subscribe architecture so that you don't need to know about recipient devices's details, we recommend you look at "registering devices for push":#post-device-registration, then "subscribe them to channels":#put-channel-subscription, and then "send messages to the channels with push payloads":#message-extras-push.
If you want to send a push notification to multiple devices or use a more flexible publish-subscribe architecture so that you don't need to know about recipient devices's details, we recommend you look at "registering devices for push":#post-device-registration, then "subscribe them to channels":#post-channel-subscription, and then "send messages to the channels with push payloads":#message-extras-push.

This direct publish endpoint is designed for customers who typically have legacy devices they wish to push directly to, or if they want to publish to all devices for a single user.

Expand Down
4 changes: 2 additions & 2 deletions content/types/_auth_options.textile
Original file line number Diff line number Diff line change
Expand Up @@ -19,9 +19,9 @@ h4.
ruby: Attributes
Python: Attributes

- <span lang="default">authCallback</span><span lang="csharp">AuthCallback</span><span lang="python">auth_callback</span><span lang="ruby">:auth_callback</span> := A <span lang="default">function</span><span lang="javascript,nodejs">function with the form @function(tokenParams, callback(err, tokenOrTokenRequest))@</span><span lang="java">@TokenCallback@ instance</span><span lang="python">callable (eg a lambda)</span><span lang="ruby">proc / lambda (called synchronously in REST and Realtime but does not block EventMachine in the latter)</span> which is called when a new token is required. The role of the callback is to either generate a signed "@TokenRequest@":/realtime/types#token-request which may then be submitted automatically by the library to the "Ably REST API @requestToken@":/rest-api#request-token; or to provide a valid token in as a "@TokenDetails@":/realtime/types#token-details object. See "an authentication callback example":<%= JsBins.url_for('authentication/auth-callback') %> or "our authentication documentation":/rest/authentication for details of the token request format and associated API calls.<br>__Type: <span lang="default">@Callable@</span><span lang="java">@TokenCallback@</span><span lang="ruby">@Proc@</span><span lang="csharp">@Func<TokenParams, Task<TokenDetails>>@</span>__
- <span lang="default">authCallback</span><span lang="csharp">AuthCallback</span><span lang="python">auth_callback</span><span lang="ruby">:auth_callback</span> := A <span lang="default">function</span><span lang="javascript,nodejs">function with the form @function(tokenParams, callback(err, tokenOrTokenRequest))@</span><span lang="java">@TokenCallback@ instance</span><span lang="python">callable (eg a lambda)</span><span lang="ruby">proc / lambda (called synchronously in REST and Realtime but does not block EventMachine in the latter)</span> which is called when a new token is required. The role of the callback is to either generate a signed "@TokenRequest@":/realtime/types#token-request which may then be submitted automatically by the library to the "Ably REST API @requestToken@":/rest-api#request-token; or to provide a valid token in as a "@TokenDetails@":/realtime/types#token-details object. See "an authentication callback example":<%= JsBins.url_for('authentication/auth-callback') %> or "our authentication documentation":/rest/authentication for details of the token request format and associated API calls. Please note that the JSON stringified version of @TokenDetails@ or @TokenRequest@ must be less than 128kb.<br>__Type: <span lang="default">@Callable@</span><span lang="java">@TokenCallback@</span><span lang="ruby">@Proc@</span><span lang="csharp">@Func<TokenParams, Task<TokenDetails>>@</span>__

- <span lang="default">authUrl</span><span lang="csharp">AuthUrl</span><span lang="ruby">:auth_url</span><span lang="python">auth_url</span> := A URL that the library may use to obtain a token string (in plain text format), or a signed "@TokenRequest@":/realtime/types#token-request or "@TokenDetails@":/realtime/types#token-details (in JSON format). For example, this can be used by a client to obtain signed token requests from an application server.<br>__Type: <span lang="default">@String@</span><span lang="csharp">@Uri@</span><span lang="swift,objc">@NSURL@</span>__
- <span lang="default">authUrl</span><span lang="csharp">AuthUrl</span><span lang="ruby">:auth_url</span><span lang="python">auth_url</span> := A URL that the library may use to obtain a token string (in plain text format), or a signed "@TokenRequest@":/realtime/types#token-request or "@TokenDetails@":/realtime/types#token-details (in JSON format). For example, this can be used by a client to obtain signed token requests from an application server. Please note that the JSON stringified version of @TokenDetails@ or @TokenRequest@ must be less than 128kb.<br>__Type: <span lang="default">@String@</span><span lang="csharp">@Uri@</span><span lang="swift,objc">@NSURL@</span>__

- <span lang="default">authMethod</span><span lang="csharp">AuthMethod</span><span lang="ruby">:auth_method</span><span lang="python">auth_method</span> := _<span lang="default">@GET@</span><span lang="ruby">@:get@</span>_ The HTTP verb to use for the request, either <span lang="default">@GET@</span><span lang="ruby">@:get@</span> or <span lang="default">@POST@</span><span lang="ruby">@:post@</span><br>__Type: <span lang="default">@String@</span><span lang="ruby">@Symbol@</span><span lang="csharp">@HttpMethod@</span>__

Expand Down
Loading