You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: src/pages/docs/api/realtime-sdk/authentication.mdx
+22-22Lines changed: 22 additions & 22 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -23,29 +23,29 @@ redirect_from:
23
23
24
24
This is the Authentication API Reference.
25
25
26
-
## Tokens <aid="#tokens" />
26
+
## Tokens <aid="tokens" />
27
27
28
28
In the documentation, references to Ably-compatible tokens typically refer either to an Ably Token, or an [Ably JWT](#ably-jwt). For Ably Tokens, this can either be referring to the `TokenDetails` object that contain the `token` string or the token string itself. `TokenDetails` objects are obtained when [requesting an Ably Token](#request-token) from the Ably service and contain not only the `token` string in the `token` attribute, but also contain attributes describing the properties of the Ably Token. For [Ably JWT](#ably-jwt), this will be simply referring to a JWT which has been signed by an Ably private API key.
29
29
30
-
## Auth object <aid="#auth-object" />
30
+
## Auth object <aid="auth-object" />
31
31
32
32
The principal use-case for the `Auth` object is to create Ably [`TokenRequest`](#token-request) objects with [createTokenRequest](#create-token-request) or obtain [Ably Tokens](#token-details) from Ably with [requestToken](#request-token), and then issue them to other "less trusted" clients. Typically, your servers should be the only devices to have a [private API key](/docs/auth#api-key), and this private API key is used to securely sign Ably [`TokenRequest`](#token-request) objects or request [Ably Tokens](#token-details) from Ably. Clients are then issued with these short-lived [Ably Tokens](#token-details) or Ably [`TokenRequest`](#token-request) objects, and the libraries can then use these to authenticate with Ably. If you adopt this model, your private API key is never shared with clients directly.
33
33
34
34
A subsidiary use-case for the `Auth` object is to preemptively trigger renewal of a token or to acquire a new token with a revised set of capabilities by explicitly calling <Iflang="javascript,nodejs,java,objc,ruby,swift">[`authorize`](#authorize)</If><Iflang="csharp">[`Authorize`](#authorize)</If>.
35
35
36
36
The Auth object is available as the <Iflang="java">[`auth` field](/docs/api/realtime-sdk#auth)</If><Iflang="csharp">[`Auth` property](/docs/api/realtime-sdk#auth)</If><Iflang="javascript,nodejs,objc,swift">[`auth` property](/docs/api/realtime-sdk#auth)</If><Iflang="ruby">[`auth` attribute](/docs/api/realtime-sdk#auth)</If> of an [Ably Realtime client instance](/docs/api/realtime-sdk#constructor).
The <Iflang="objc,swift">`ART`</If>`Auth` object exposes the following public <Iflang="javascript,nodejs,csharp,objc,swift">properties</If><Iflang="ruby">attributes</If><Iflang="java">members</If>:
The client ID string, if any, configured for this client connection. See [identified clients](/docs/auth/identified-clients) for more information on trusted client identifiers.
| <Iflang="javascript,nodejs,java,objc,swift">queryTime</If><Iflang="csharp,go">QueryTime</If><Iflang="ruby">:query_time</If> |_false_ If true, the library will query the Ably servers for the current time when [issuing TokenRequests](/docs/auth/token) instead of relying on a locally-available time of day. Knowing the time accurately is needed to create valid signed Ably [TokenRequests](/docs/auth/token), so this option is useful for library instances on auth servers where for some reason the server clock cannot be kept synchronized through normal means, such as an [NTP daemon](https://en.wikipedia.org/wiki/Ntpd) . The server is queried for the current time once per client library instance (which stores the offset from the local clock), so if using this option you should avoid instancing a new version of the library for each request. |`Boolean`|
804
804
| <If lang="javascript,nodejs,java,objc,swift">token</If><If lang="csharp,go">Token</If><If lang="ruby">:token</If> | An authentication token. This can either be a [`TokenDetails`](/docs/api/realtime-sdk/types#token-details) object, a [`TokenRequest`](/docs/api/realtime-sdk/types#token-request) object, or token string (obtained from the <If lang="javascript,nodejs,java,objc,swift">`token`</If><If lang="csharp,go">`Token`</If> property of a [`TokenDetails`](/docs/api/realtime-sdk/types#token-details) component of an Ably TokenRequest response, or a [JSON Web Token](https://tools.ietf.org/html/rfc7519) satisfying [the Ably requirements for JWTs](/docs/auth/token/jwt)). This option is mostly useful for testing: since tokens are short-lived, in production you almost always want to use an authentication method that allows the client library to renew the token automatically when the previous one expires, such as <If lang="javascript,nodejs,java,objc,swift">`authUrl`</If><If lang="csharp">AuthUrl</If><If lang="ruby">:auth_url</If><If lang="python">auth_url</If> or <If lang="javascript,nodejs,java,objc,swift">authCallback</If><If lang="csharp">AuthCallback</If><If lang="python">auth_callback</If><If lang="ruby">:auth_callback</If>. Read more about [Token authentication](/docs/auth/token) | `String`, `TokenDetails` or `TokenRequest` |
@@ -900,7 +900,7 @@ A [`TokenDetails`](/docs/api/realtime-sdk/types#token-details) object
900
900
| <Iflang="javascript,nodejs,java,objc,swift">timestamp</If><Iflang="csharp">Timestamp</If><Iflang="ruby">:timestamp</If> | <Iflang="javascript,nodejs,java">The timestamp (in milliseconds since the epoch)</If><Iflang="ruby,objc,swift,csharp">The timestamp</If> of this request. `timestamp`, in conjunction with the `nonce`, is used to prevent requests for [Ably Token](/docs/api/realtime-sdk/authentication#token-details) from being replayed. | <Iflang="javascript,nodejs">`Integer`</If><Iflang="java">`Long Integer`</If><Iflang="ruby">`Time`</If><Iflang="objc,swift">`NSDate`</If><Iflang="csharp">`DateTimeOffset`</If><Iflang="flutter">`DateTime`</If> |
901
901
| <Iflang="javascript,nodejs,java,objc,swift">ttl</If><Iflang="csharp">Ttl</If><Iflang="ruby">:ttl</If> | Requested time to live for the [Ably Token](/docs/api/realtime-sdk/authentication#token-details) being created <Iflang="javascript,nodejs,java">in milliseconds</If><Iflang="ruby">in seconds</If><Iflang="objc,swift">as a `NSTimeInterval`</If><Iflang="csharp">as a `TimeSpan`.</If> When omitted, the Ably REST API default of 60 minutes is applied by Ably. <br />_Default: 1 hour_| <Iflang="javascript,nodejs">`Integer` (milliseconds)</If><Iflang="ruby">`Integer` (seconds)</If><Iflang="objc,swift">`NSTimeInterval`</If><Iflang="java">`Long Integer`</If><Iflang="csharp">`TimeSpan`</If> |
`TokenRequest` is a type containing parameters for an Ably `TokenRequest`. [Ably Tokens](/docs/api/realtime-sdk/authentication#token-details) are requested using <Iflang="javascript,nodejs,java,csharp,objc,swift">[Auth#requestToken](/docs/api/rest-sdk/authentication#request-token)</If><Iflang="ruby">[Auth#request_token](/docs/api/rest-sdk/authentication#request-token)</If>
906
906
@@ -918,7 +918,7 @@ A [`TokenDetails`](/docs/api/realtime-sdk/types#token-details) object
@@ -944,7 +944,7 @@ A <If lang="javascript,nodejs,java,csharp,objc,swift,ruby">static factory method
944
944
945
945
A [`TokenRequest`](/docs/api/realtime-sdk/types#token-request) object
946
946
947
-
### Ably JWT <aid="#ably-jwt" />
947
+
### Ably JWT <aid="ably-jwt" />
948
948
949
949
An Ably JWT is not strictly an Ably construct, rather it is a [JWT](https://jwt.io/) which has been constructed to be compatible with Ably. The JWT must adhere to the following to ensure compatibility:
A `BatchResult` contains information about the results of a batch operation.
999
999
@@ -1005,7 +1005,7 @@ A `BatchResult` contains information about the results of a batch operation.
1005
1005
| failureCount | The number of unsuccessful operations in the request |`Number`|
1006
1006
| messages | An array of results for the batch operation (for example, an array of [`BatchPublishSuccessResult`](/docs/api/realtime-sdk/types#batch-publish-success-result) or [`BatchPublishFailureResult`](/docs/api/realtime-sdk/types#batch-publish-failure-result) for a channel batch publish request) |`Object[]`|
A `TokenRevocationOptions` describes the additional options accepted by revoke tokens request.
1022
1022
@@ -1028,7 +1028,7 @@ A `TokenRevocationOptions` describes the additional options accepted by revoke t
1028
1028
| allowReauthMargin |_false_ If true, permits a token renewal cycle to take place without needing established connections to be dropped, by postponing enforcement to 30 seconds in the future, and sending any existing connections a hint to obtain (and upgrade the connection to use) a new token. The default is `false`, meaning that the effect is near-immediate. |`Boolean`|
0 commit comments