-
Notifications
You must be signed in to change notification settings - Fork 55
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
createTokenRequest without key option #21
Comments
I see also that the keyValue does not behave like it should in the documentation:
I get the error 'No key specified' |
One more issue, the token request Hash that is returned has a Hash object for the capability element, but it should be a Stringified JSON object. I believe if you receive a JSON capability the client library should be default Stringify it. Example request: new Ably.Realtime({ key: apiKey }).auth.createTokenRequest(
{ keyId: keyId, keyValue: keyValue },
{ "ttl": 600, "capability": { "*":["*"] } }, function(token) {
console.log(token);
)
'{
"id": "xVLyHw.lwnKYQ",
"ttl": 600,
"capability": {
"*": [
"*"
]
},
"timestamp": 1427235284,
"nonce": "0452151051722466",
"mac": "XslUpDsA5OQ7PSMKcrdb3IpMXNJg5VPXMyjVAgwsKyc="
}' |
Resolved |
See ably/ably-js#21, which should mean this was not required
I do not believe this is fixed unfortunately, see ably/docs@7c60e3b which I had to do now to get |
See ably/ably-js#21, which should mean this was not required
See https://jsbin.ably.io/anadag/3/edit, this is not fixed. |
@SimonWoolf : could you have a look at this please? |
@mattheworiordan Addressed both in #83. Good spot re stringifying the createTokenRequest -- without that the capability part of the signText was just "[object Object]". (edit: removed inaccurate suggestion) |
Hopefully ok: https://github.com/ably/realtime/blob/master/common/lib/security/authmgr.js#L391-L392 |
In the Ably Ruby library when calling createTokenRequest, if an API key has been specified in the constructor, then there is no need to specify a key ID in the createTokenRequest method. Given most people will only issue tokens for the set up API key and we treat API keys as opaque (i.e. key ID is not really relevant), I recommend we change the createTokenRequest in the JS client library so that:
The text was updated successfully, but these errors were encountered: