Please be aware that you are viewing our bleeding edge unstable documentation. Unless you wanted to view the bleeding edge (and possibly unstable) documentation, we recommend you use our stable docs.

Go to Ably's stable canonical documentation »

I know what I'm doing, let me see the bleeding edge docs »

You are viewing our bleeding edge unstable documentation. We recommend you use our stable documentation »
Fork me on GitHub

Authentication

Ably clients can authenticate with Ably in one of two ways. They can use Basic Authentication or Token Authentication. Basic Authentication makes use of the customer’s API key) to connect with Ably. Token Authentication requires a server to provide an Ably Token, an Ably TokenRequest, an Ably JWT, or an External JWT with an embedded Ably-compatible token to the client. Token Authentication, in most cases, is the recommended strategy due to it providing robust access control and stringent security measures.

Understanding the Ably authentication schemes

This page of documentation is intended to describe the Realtime Authentication API and is not intended to explain in depth how Ably’s authentication works. If you are new to Ably and/or the authentication schemes, we strongly recommend that you get acquainted with the following first:

Tutorials

If you’re the kind of person who prefers to dive into code, we have client-server authentication tutorials.

Basic Authentication

Basic Authentication uses one of the api keys configured via the application dashboard as the authentication token. Basic Authentication is the simplest method to use but has some important limitations described in detail in the Basic Authentication documentation.

Here is a straightforward example of using Basic Authentication to connect to Ably:

var realtime = new Ably.Realtime({ key: '{{API_KEY}}' });
var realtime = new Ably.Realtime({ key: '{{API_KEY}}' });
realtime = Ably::Realtime.new(key: '{{API_KEY}}')
ClientOptions options = new ClientOptions();
options.key = "{{API_KEY}}";
AblyRealtime realtime = new AblyRealtime(options);
let realtime = ARTRealtime(key: "{{API_KEY}}")
ARTRealtime *realtime = [[ARTRealtime alloc] initWithKey:@"{{API_KEY}}"];
var realtime = AblyRealtime("{{API_KEY}}")

Token Authentication

Token Authentication uses an Ably-compatible token to authenticate with Ably. This can be an Ably Token obtained via the REST API requestTokenRequestTokenrequest_token endpoint, an Ably JWT signed by your API key, or an External JWT object with an embedded Ably-compatible token. Tokens are authentication credentials that are short-lived, and therefore they may more readily be distributed to clients where there is a risk of compromise. Tokens may also be issued with a particular scope – such as a limited set of access rights or capabilities or being limited to use by a specific clientIdClientId identity – and therefore token-based authentication provides the flexibility to implement access and identity control policies in the application. See the Token Authentication documentation for more details.

When using Token Authentication, the Realtime library requires an Ably-compatible token upon being instanced in order to authenticate with Ably. The client can either have a token specified, or a method to obtain a token. Typically you should instance it with a means to obtain a token as opposed to a short-lived token. This means that when the token expires, the library can assume the responsibility of automatically obtaining a new token and seamlessly continue operations with Ably. If you instead simply state a token, the client will be disconnected and enter the FAILED state as the library has no means to obtain a new token.

To initialize the Realtime library to a previously obtained Ably Token or Ably JWT, set the :token or :token_detailstoken or token_detailsToken or TokenDetailstoken or tokenDetails attribute of ClientOptions to said token.

To initialize the Realtime library with a means to obtain a tokens, set either the auth_url or auth_callbackAuthUrl or AuthCallbackauthUrl or authCallback attribute of ClientOptions when instancing the library.

Below is a rather contrived yet straightforward example that instances a Realtime library using Token Authentication with a means to reissue tokens as required. Typically, in a browser environment, the authUrlAuthUrl provided would be a relative URL to a local endpoint that is used to issue tokens to trusted clients. Client requests can, for example, be trusted based on session cookies. For non-browser clients, an authentication callback is preferred thus relying on your application to communicate securely with your own servers to obtain a token.

var realtime = new Ably.Realtime({ authUrl: 'http://my.website/auth' });
var realtime = new Ably.Realtime({ authUrl: 'http://my.website/auth' });
realtime = Ably::Realtime.new(auth_url: 'http://my.website/auth')
ClientOptions options = new ClientOptions();
options.authUrl = "http://my.website/auth";
AblyRealtime realtime = new AblyRealtime(options);
ARTClientOptions *options = [[ARTClientOptions alloc] init];
options.authUrl = [NSURL URLWithString:@"http://my.website/auth"];
ARTRealtime *realtime = [[ARTRealtime alloc] initWithOptions:options];
let options = ARTClientOptions()
options.authUrl = NSURL(string: "http://my.website/auth")
let realtime = ARTRealtime(options: options)
ClientOptions options = new ClientOptions();
options.AuthUrl = new Uri("http://my.website/auth");
AblyRealtime realtime = new AblyRealtime(options);

Upgrading the token on a connection

The token that a connection uses can be upgraded whilst remaining connected. When a token is nearly expired, Ably will prompt the library to request a new token (using the auth_url or auth_callbackauthUrl or authCallback). Once the library has obtained a new token, it will upgrade the connection to use the new token. This all happens automatically and seamlessly.

The token upgrade can also be triggered explicitly using Auth#authorize. This is particularly useful if you want to upgrade a token for reasons other than the old one expiring; for example, to add or remove capabilities to it. In this way it is possible to incrementally authorize new capabilities, adding them as and when they are needed. See the support article Recommendations for incrementally authorising new capabilities for discussions of different strategies for doing this.

Token Types

There are a couple of Ably-compatible tokens that you can have your server return to a client:

Ably Token

An Ably Token is obtained through a request to Ably. This can either be done by the server, which then passes on the resulting Ably Token to the respective client, or by the client making use of an Ably TokenRequest. This token can also be embedded into an External JWT as the x-ably-token claim in the JWT’s payload.

Ably JWT (JSON Web Token)

JWT is an open standard (RFC 7519) that allows for compact secure information as JSON objects. Ably supports a JWT when the JWT is signed with an Ably API key. This type of JWT is called an Ably JWT. A server can generate a JWT, and pass it to a client to be used. Unlike an Ably TokenRequest, it can be used as an actual token by the client, and the server can generate this token without the Ably library. Any third party software can be used to generate this JWT using the Ably private API key to sign it.

Auth object

The principal use-case for Auth object is to create Ably TokenRequest objects or obtain Ably Tokens from Ably, and then issue them to other “less trusted” clients. Typically, your servers should be the only devices to have a private API key, and this private API key is used to securely sign Ably TokenRequests or request Ably Tokens from Ably. Clients are then issued with short-lived Ably Tokens or Ably TokenRequests, and the libraries can then use these to authenticate with Ably. If you adopt this model, your private API key is never shared with clients directly.

A subsidiary use-case for the Auth object is to preemptively trigger renewal of a token or to acquire a new token with a revised set of capabilities by explicitly calling authorizeAuthorize.

Identified clients

When a client is authenticated and connected to Ably, they are considered to be an authenticated client. However, whilst an authenticated client has a verifiable means to authenticate with Ably, they do not necessarily have an identity. When a client is assigned a trusted identity (i.e. a client_idClientIdclientId), then they are considered to be an identified client and for all operations they perform with the Ably service, their client_idClientIdclientId field will be automatically populated and can be trusted by other clients.

For example, assuming you were building a chat application and wanted to allow clients to publish messages and be present on a channel. If each client is assigned a trusted identity by your server, such as a unique email address or UUID, then all other subscribed clients can trust any messages or presence events they receive in the channel as being from that client. No other clients are permitted to assume a client_idClientIdclientId that they are not assigned in their token or Ably TokenRequest, that is they are unable to masquerade as another client_idClientIdclientId.

In Ably a client can be identified with a client_idClientIdclientId in two ways:

We encourage customers to always issue tokens to clients so that they authenticate using the short-lived token and do not have access to a customer’s private API keys. Since the customer can then control the client_idClientIdclientId that may be used by any of its clients, all other clients can rely on the validity of the client_idClientIdclientId in published messages and of members present in presence channels.

The following example demonstrates how to issue an Ably TokenRequest with an explicit client_idClientIdclientId that, when used by a client, will then be considered an identified client.

var realtime = new Ably.Realtime({ key: '{{API_KEY}}' });
realtime.auth.createTokenRequest({ clientId: 'Bob' }, function(err, tokenRequest) {
  /* ... issue the TokenRequest to a client ... */
})
var realtime = new Ably.Realtime({ key: '{{API_KEY}}' });
realtime.auth.createTokenRequest({ clientId: 'Bob' }, function(err, tokenRequest) {
  /* ... issue the TokenRequest to a client ... */
})
realtime = Ably::Realtime.new(key: '{{API_KEY}}')
realtime.auth.createTokenRequest(client_id: 'Bob') do |token_request|
  # ... issue the TokenRequest to a client ...
end
ClientOptions options = new ClientOptions();
options.key = "{{API_KEY}}";
AblyRealtime realtime = new AblyRealtime(options);
TokenParams tokenParams = new TokenParams();
tokenParams.clientId = "Bob";
TokenRequest tokenRequest;
tokenRequest = realtime.auth.createTokenRequest(tokenParams, null);
/* ... issue the TokenRequest to a client ... */
AblyRealtime realtime = new AblyRealtime("{{API_KEY}}");
TokenParams tokenParams = new TokenParams {ClientId = "Bob"};
TokenRequest tokenRequest = await realtime.Auth.CreateTokenRequestAsync(tokenParams);
/* ... issue the TokenRequest to a client ... */
ARTRealtime *realtime = [[ARTRealtime alloc] initWithKey:@"{{API_KEY}}"];
ARTTokenParams *tokenParams = [[ARTTokenParams alloc] initWithClientId:@"Bob"];
[realtime.auth createTokenRequest:tokenParams options:nil
               callback:^(ARTTokenRequest *tokenRequest NSError *error) {
    // ... issue the TokenRequest to a client ...
}];
let realtime = ARTRealtime(key: "{{API_KEY}}")
let tokenParams = ARTTokenParams(clientId: "Bob")
realtime.auth.createTokenRequest(tokenParams, options: nil) { tokenRequest, error in
    // ... issue the TokenRequest to a client ...
}

Auth API Reference

The Auth object is available as the auth fieldAuth propertyauth propertyauth attribute of an Ably Realtime client instance.

Auth Propertiesio.ably.lib.rest.Auth MembersIO.Ably.AblyAuth PropertiesAbly::Auth AttributesARTAuth Properties

The ARTAuth object exposes the following public propertiesattributesmembers:

clientIdclient_idClientId

The client ID string, if any, configured for this client connection. See identified clients for more information on trusted client identifiers.

Auth Methodsio.ably.lib.rest.Auth MethodsIO.Ably.AblyAuth MethodsAbly::Auth MethodsARTAuth Methods

authorizeAuthorize

authorize(TokenParams tokenParams, AuthOptions authOptions, callback(ErrorInfo err, TokenDetails tokenDetails))Deferrable authorize(TokenParams token_params, AuthOptions auth_options) → yields TokenDetailsTokenDetails authorize(TokenParams tokenParams, AuthOptions authOptions)“Task:#token-details AuthorizeAsync(”TokenParams:#token-params?, AuthOptions?)authorize(tokenParams: ARTTokenParams?, authOptions: ARTAuthOptions?, callback: (ARTTokenDetails?, NSError?) → Void)

Instructs the library to get a new token immediately. Once fetched, it will upgrade the current realtime connection to use the new token, or if not connected, will initiate a connection to Ably once the new token has been obtained. Also stores any token_params and auth_optionstokenParams and authOptions passed in as the new defaults, to be used for all subsequent implicit or explicit token requests.

Any token_params and auth_optionstokenParams and authOptions objects passed in will entirely replace (as opposed to being merged with) the currently client library saved token_params and auth_optionstokenParams and authOptions.

Parameters

token_paramstokenParams
an optional object containing the token parametersan optional TokenParams object containing the Ably Token parametersan optional set of key value pairs containing the token parameters for the authorization request
Type: TokenParams
auth_optionsauthOptions
an optional object containing the authentication optionsan optional TokenParams object containing the authentication optionsan optional set of key value pairs containing the authentication options for the authorization request
Type: AuthOptions
callback
is a function of the form: function(err, tokenDetails)
&block
yields a TokenDetails object
callback
called with a ARTTokenDetails object or an error

Callback result

On success, the callback will be called with the new TokenDetails object only once the realtime connection has been successfully upgraded to use the new token.

On failure to obtain an token or upgrade the token, the connection will move to the SUSPENDED or FAILED state, and the callback will be called with err containing an NSError object with the error response as defined in the Ably REST API documentation.

The authorize callback can therefore be used to only trigger an event once the new token has taken effect. This can be useful if, for example, you want to do attach to a new channel following a new channel capability being applied to the connection.

Callback result

On success, the callback will be called with the new TokenDetails only once the realtime connection has been successfully upgraded to use the new token.

On failure to obtain a token or upgrade the token, the connection will move to the SUSPENDED or FAILED state, and the callback will be called with err containing an ErrorInfo object with the error response as defined in the Ably REST API documentation.

The authorize callback can be used to trigger an event once the new token has taken effect. This can be useful if, for example, you want to do attach to a new channel following a new channel capability being applied to the connection.

Returns

On success, a new TokenDetails is returned only once the realtime connection has been successfully upgraded to use the new Ably Token.

On failure to obtain a token or upgrade the token, the connection will move to the SUSPENDED or FAILED state and an AblyException will be raised with the error response as defined in the Ably REST API documentation.

The synchronous authorize method can therefore be used to run subsequent code only once the new token has taken effect. This can be useful if, for example, you want to do attach to a new channel following a new channel capability being applied to the connection.

Returns

Returns a Task<TokenDetails> which needs to be awaited.

On success, a new TokenDetails is returned only once the realtime connection has been successfully upgraded to use the new token.

On failure to obtain a token or upgrade the token, the connection will move to the SUSPENDED or FAILED state and an AblyException will be raised with the error response as defined in the Ably REST API documentation.

By waiting for the authorize method return value, it can be used to run subsequent code only once the new token has taken effect. This can be useful if, for example, you want to do attach to a new channel following a new channel capability being applied to the connection.

Returns

A Deferrable object is returned from this method.

On success, the registered success callbacks for the Deferrable and any block provided to this method yields a TokenDetails only once the realtime connection has been successfully upgraded to use the new token.

On failure to obtain a token or upgrade the token, the connection will move to the SUSPENDED or FAILED state, triggering the errback callbacks of the Deferrable with an ErrorInfo object with the error response as defined in the Ably REST API documentation.

The authorize callbacks can therefore be used to trigger an event once the new Ably Token has taken effect. This can be useful if, for example, you want to do attach to a new channel following a new channel capability being applied to the connection.

Example

client.auth.authorize({ clientId: 'bob' }, function(err, tokenDetails) {
  if(err) {
    console.log('An error occurred; err = ' + err.toString());
  } else {
    console.log('Success! Realtime connection upgraded with new token: ' +
      tokenDetails.token);
  }
});
client.auth.authorize({ clientId: 'bob' }, function(err, tokenDetails) {
  if(err) {
    console.log('An error occurred; err = ' + err.toString());
  } else {
    console.log('Success! Realtime connection upgraded with new token: ' +
      tokenDetails.token);
  }
});
try {
  TokenParams tokenParams = new TokenParams();
  tokenParams.clientId = "bob";
  TokenDetails tokenDetails = client.auth.authorize(tokenParams, null);
  System.out.println("Success; token = " + tokenDetails.token);
} catch(AblyException e) {
  System.out.println("An error occurred; err = " + e.getMessage());
}
try {
  TokenParams tokenParams = new TokenParams {ClientId = "bob"};
  TokenDetails tokenDetails = await client.Auth.AuthorizeAsync(tokenParams);
  Console.WriteLine("Success; Token = " + tokenDetails.Token);
} catch (AblyException e) {
  Console.WriteLine("An error occurred; Error = " + e.Message);
}
client.auth.authorize(client_id: 'bob') do |token_details|
  puts "Success; token = #{token_details.token}"
end
ARTTokenParams *tokenParams = [[ARTTokenParams alloc] initWithClientId:@"Bob"];
[client.auth authorize:tokenParams options:nil callback:^(ARTTokenDetails *tokenDetails, NSError *error) {
    if (error) {
        NSLog(@"An error occurred; err = %@", error);
    } else {
        NSLog(@"Success; token = %@", tokenDetails.token);
    }
}];
let tokenParams = ARTTokenParams(clientId: "Bob")
client.auth.authorize(tokenParams, options: nil) { tokenDetails, error in
    guard let tokenDetails = tokenDetails else {
        print("An error occurred; err = \(error!)")
        return
    }
    print("Success; token = \(tokenDetails.token)")
}
createTokenRequestcreate_token_requestCreateTokenRequestAsync

createTokenRequest(TokenParams tokenParams, AuthOptions authOptions, callback(ErrorInfo err, TokenRequest tokenRequest))Deferrable create_token_request(TokenParams token_params, AuthOptions auth_options) → yields TokenRequestTokenRequest createTokenRequest(TokenParams tokenParams, AuthOptions authOptions)Task<TokenRequest> CreateTokenRequestAsync(TokenParams tokenParams, AuthOptions authOptions)createTokenRequest(tokenParams: ARTTokenParams?, options: ARTAuthOptions?, callback: (ARTTokenRequest?, NSError?) → Void)

Creates and signs an Ably TokenRequest based on the specified (or if none specified, the client library stored) token_params and auth_optionstokenParams and authOptions. Note this can only be used when the API key value is available locally. Otherwise, the Ably TokenRequest must be obtained from the key owner. Use this to generate Ably TokenRequests in order to implement an Ably Token request callback for use by other clients.

Both auth_options and token_paramsauthOptions and tokenParams are optional. When omitted or null, the default token parameters and authentication options for the client library are used, as specified in the ClientOptions when the client library was instanced, or later updated with an explicit authorizeAuthorize request. Values passed in will be used instead of (rather than being merged with) the default values.

To understand why an Ably TokenRequest may be issued to clients in favor of a token, see Token Authentication explained.

Parameters

token_paramstokenParams
an optional object containing the token parametersan optional TokenParams object containing the token parametersan optional set of key value pairs containing the token parameters for the Ably Token request
Type: TokenParams
auth_optionsauthOptions
an optional object containing the authentication optionsan optional TokenParams object containing the authentication optionsan optional set of key value pairs containing the authentication optionsan optional ARTTokenParams containing the authentication options
Type: AuthOptions
callback
is a function of the form: function(err, tokenRequest)
&block
yields a TokenRequest object
callback
called with a ARTTokenRequest object or an error

Callback result

On success, tokenRequest contains a TokenRequest JSON object.

On failure to issue a TokenRequest, err contains an ErrorInfo object with an error response as defined in the Ably REST API documentation.

Returns

On success, a TokenRequest object is returned.

Failure to issue a TokenRequest will raise an AblyException.

Returns

Returns a Task<TokenRequest> which needs to be awaited.

On success, a TokenRequest object is returned.

Failure to issue a TokenRequest will raise an AblyException.

Returns

A Deferrable object is returned from this method.

On success, the registered success callbacks for the Deferrable and any block provided to this method yields a TokenRequest object.

Failure to issue a TokenRequest will trigger the errback callbacks of the Deferrable with an ErrorInfo object containing an error response as defined in the Ably REST API documentation.

Example

client.auth.createTokenRequest({ clientId: 'bob' }, function(err, tokenRequest) {
  if(err) {
    console.log('An error occurred; err = ' + err.message);
  } else {
    console.log('Success; token request = ' + tokenRequest);
  }
});
client.auth.createTokenRequest({ clientId: 'bob' }, function(err, tokenRequest) {
  if(err) {
    console.log('An error occurred; err = ' + err.message);
  } else {
    console.log('Success; token request = ' + tokenRequest);
  }
});
try {
  TokenParams tokenParams = new TokenParams();
  tokenParams.clientId = "bob";
  TokenRequest tokenRequest = client.auth.createTokenRequest(tokenParams, null);
  System.out.println("Success; token request issued");
} catch(AblyException e) {
  System.out.println("An error occurred; err = " + e.getMessage());
}
try {
    TokenParams tokenParams = new TokenParams {ClientId = "bob"};
    TokenRequest tokenRequest = await client.Auth.CreateTokenRequestAsync(tokenParams);
    Console.WriteLine("Success; token request issued");
} catch (AblyException e) {
    Console.WriteLine("An error occurred; err = " + e.Message);
}
client.auth.create_token_request(client_id: 'bob') do |token_request|
  puts "Success; token request = #{token_request}"
end
ARTTokenParams *tokenParams = [[ARTTokenParams alloc] initWithClientId:@"Bob"];
[client.auth createTokenRequest:tokenParams options:nil callback:^(ARTTokenRequest *tokenRequest, NSError *error) {
    if (error) {
        NSLog(@"An error occurred; err = %@", error);
    } else {
        NSLog(@"Success; token request = %@", tokenRequest);
    }
}];
let tokenParams = ARTTokenParams(clientId: "Bob")
client.auth.createTokenRequest(tokenParams, options: nil) { tokenRequest, error in
    guard let tokenRequest = tokenRequest else {
        print("An error occurred; err = \(error!)")
        return
    }
    print("Success; token request = \(tokenRequest)")
}
requestTokenrequest_tokenRequestTokenAsync

requestToken(TokenParams tokenParams, AuthOptions authOptions, callback(ErrorInfo err, TokenDetails tokenDetails))Deferrable request_token(TokenParams token_params, AuthOptions auth_options) → yields TokenDetailsTokenDetails requestToken(TokenParams tokenParams, AuthOptions authOptions)async Task<TokenDetails> RequestTokenAsync(TokenParams? tokenParams, AuthOptions? options)requestToken(tokenParams: ARTTokenParams?, withOptions: ARTAuthOptions?, callback: (ARTTokenDetails?, NSError?) → Void)

Calls the requestToken REST API endpoint to obtain an Ably Token according to the specified token_params and auth_optionstokenParams and authOptions.

Both auth_options and token_paramsauthOptions and tokenParams are optional. When omitted or null, the default token parameters and authentication options for the client library are used, as specified in the ClientOptions when the client library was instanced, or later updated with an explicit authorizeAuthorize request. Values passed in will be used instead of (rather than being merged with) the default values.

To understand why an Ably TokenRequest may be issued to clients in favor of a token, see Token Authentication explained.

Parameters

token_paramstokenParams
an optional object containing the token parametersan optional TokenParams object containing the token parametersan optional set of key value pairs containing the token parameters for the requested token
Type: TokenParams
auth_optionsauthOptions
an optional object containing the authentication optionsan optional TokenParams object containing the authentication optionsan optional set of key value pairs containing the authentication options for the requested Ably Token
Type: AuthOptions
callback
is a function of the form: function(err, tokenDetails)
&block
yields a TokenDetails object
callback
called with a ARTTokenDetails object or an error

Callback result

On success, tokenDetails contains a TokenDetails object containing the details of the new Ably Token along with the token string.

On failure to obtain an Ably Token, err contains an ErrorInfoNSError object with an error response as defined in the Ably REST API documentation.

Returns

On success, a TokenDetails object containing the details of the new Ably Token along with the token string is returned.

Failure to obtain an Ably Token will raise an AblyException.

Returns

Returns a Task<TokenDetails> which needs to be awaited.

On success, a TokenDetails object containing the details of the new Ably Token along with the token string is returned.

Failure to obtain an Ably Token will raise an AblyException.

Returns

A Deferrable object is returned from this method.

On success, the registered success callbacks for the Deferrable and any block provided to this method yields a TokenDetails object containing the details of the new Ably Token along with the token string.

Failure to obtain an Ably Token will trigger the errback callbacks of the Deferrable with an ErrorInfo object containing an error response as defined in the Ably REST API documentation.

Example

client.auth.requestToken({ clientId: 'bob'}, function(err, tokenDetails){
  if(err) {
    console.log('An error occurred; err = ' + err.message);
  } else {
    console.log('Success; token = ' + tokenDetails.token);
  }
});
client.auth.requestToken({ clientId: 'bob'}, function(err, tokenDetails){
  if(err) {
    console.log('An error occurred; err = ' + err.message);
  } else {
    console.log('Success; token = ' + tokenDetails.token);
  }
});
client.auth.request_token(client_id: 'bob') do |token_details|
  puts "Success; token = #{token_details.token}"
end
try {
  TokenParams tokenParams = new TokenParams();
  tokenParams.clientId = "bob";
  TokenDetails tokenDetails = client.auth.requestToken(tokenParams, null);
  System.out.println("Success; token = " + tokenDetails.token);
} catch(AblyException e) {
  System.out.println("An error occurred; err = " + e.getMessage());
}
try {
  TokenParams tokenParams = new TokenParams {ClientId = "bob"};
  TokenDetails tokenDetails = await client.Auth.RequestTokenAsync(tokenParams);
  Console.WriteLine("Success; token = " + tokenDetails.Token);
} catch (AblyException e) {
  Console.WriteLine("An error occurred; err = " + e.Message);
}
ARTTokenParams *tokenParams = [[ARTTokenParams alloc] initWithClientId:@"Bob"];
[client.auth requestToken:tokenParams withOptions:nil callback:^(ARTTokenDetails *tokenDetails, NSError *error) {
  if (error) {
    NSLog(@"An error occurred; err = %@", error);
  } else {
    NSLog(@"Success; token = %@", tokenDetails.token);
  }
}];
let tokenParams = ARTTokenParams(clientId: "Bob")
client.auth.requestToken(tokenParams, withOptions: : nil) { tokenDetails, error in
  guard let tokenDetails = tokenDetails else {
    print("An error occurred; err = \(error!)")
    return
}
  print("Success; token = \(tokenDetails.token)")
}

AuthOptions ObjectARTAuthOptionsAuthOptions Hashio.ably.lib.rest.Auth.AuthOptionsIO.Ably.AuthOptions

AuthOptions is a plain Javascript object and is used when making authentication requests. If passed in, an authOptions object will be used instead of (as opposed to supplementing or being merged with) the default values given when the library was instanced. The following attributes are supported:

AuthOptions is a Hash object and is used when making authentication requests. These options will supplement or override the corresponding options given when the library was instanced. The following key symbol values can be added to the Hash:

AuthOptions is a Dict and is used when making authentication requests. These options will supplement or override the corresponding options given when the library was instanced. The following key symbol values can be added to the Dict:

AuthOptions is an Associative Array and is used when making authentication requests. These options will supplement or override the corresponding options given when the library was instanced. The following named keys and values can be added to the Associative Array:

ARTAuthOptions is used when making authentication requests. These options will supplement or override the corresponding options given when the library was instanced.

PropertiesMembersAttributesAttributes

authCallbackAuthCallbackauth_callback:auth_callback
A functionfunction with the form function(tokenParams, callback(err, tokenOrTokenRequest))TokenCallback instancecallable (eg a lambda)proc / lambda (called synchronously in REST and Realtime but does not block EventMachine in the latter) which is called when a new Ably-compatible token is required. The role of the callback is to generate a signed Ably TokenRequest which may then be submitted automatically by the library to the Ably REST API requestToken, provide a valid Ably Token in as a TokenDetails object, provide a valid Ably JWT, or an External JWT containing an Ably-compatible token. See an authentication callback example or our authentication documentation for details of the Ably TokenRequest format and associated API calls.
Type: CallableTokenCallbackProcFunc<TokenParams, Task<TokenDetails>>
authUrlAuthUrl:auth_urlauth_url
A URL that the library may use to obtain an Ably Token string (in plain text format), a signed TokenRequest or TokenDetails (in JSON format), or an Ably JWT. For example, this can be used by a client to obtain signed Ably TokenRequests from an application server.
Type: StringUriNSURL
authMethodAuthMethod:auth_methodauth_method
GET:get The HTTP verb to use for the request, either GET:get or POST:post
Type: StringSymbolHttpMethod
authHeadersAuthHeaders:auth_headersauth_headers
A set of key value pair headers to be added to any request made to the authUrlAuthUrl. Useful when an application requires these to be added to validate the request or implement the response. If the authHeaders object contains an authorization key, then withCredentials will be set on the xhr request.
Type: ObjectHashAssociative ArrayParam[]Dictionary<string, string>NSDictionary<String *, String *>[String, String]/Dictionary<String, String>
authParamsAuthParams:auth_paramsauth_params
A set of key value pair params to be added to any request made to the authUrlAuthUrl. When the authMethodAuthMethod is GET, query params are added to the URL, whereas when authMethodAuthMethod is POST, the params are sent as URL encoded form data. Useful when an application require these to be added to validate the request or implement the response.
Type: ObjectHashAssociative ArrayParam[]Dictionary<string, string>NSArray<NSURLQueryItem *>[NSURLQueryItem]/Array<NSURLQueryItem>
keyKey:keykey
Optionally the API key to use can be specified as a full key string; if not, the API key passed into ClientOptions when instancing the Realtime or REST library is used
Type: String
queryTimeQueryTime:query_timequery_time
false If true, the library will query the Ably servers for the current time instead of relying on a locally-available time of day. Knowing the time accurately is needed to create valid signed Ably TokenRequests, so this option is useful for library instances on auth servers if the server clock is insufficiently accurate. The server is queried only once per client library instance, and used to calculate and store the offset from the local clock.
Type: Boolean
tokenToken:tokentoken
An authenticated token string that is most commonly obtained from the tokenToken property of a TokenDetails component of an Ably Token request response. Use this option if you wish to use Token authentication. Read more about Token authentication
Type: String
tokenDetailsTokenDetails:token_detailstoken_details
An authenticated TokenDetails object that is most commonly obtained from of a Ably Token request response. Use this option if you wish to use Token authentication. Read more about Token authentication
Type: TokenDetails

TokenDetails ObjectARTTokenDetailsio.ably.lib.types.TokenDetailsAbly::Models::TokenDetailsIO.Ably.TokenDetails

TokenDetails is a type providing details of Ably Token string and its associated metadata.

PropertiesMembersAttributes

tokenToken
The Ably Token itself. A typical Ably Token string may appear like {{TOKEN}}
Type: String
expiresExpires
The time (in milliseconds since the epoch)The time at which this token expires
Type: IntegerLong IntegerDateTimeOffsetTimeNSDate
issuedIssued
The time (in milliseconds since the epoch)The time at which this token was issued
Type: IntegerLong IntegerDateTimeOffsetTimeNSDate
capabilityCapability
The capability associated with this Ably Token. The capability is a a JSON stringified canonicalized representation of the resource paths and associated operations. Read more about authentication and capabilities
Type: StringCapability
clientIdclient_idClientId
The client ID, if any, bound to this Ably Token. If a client ID is included, then the Ably Token authenticates its bearer as that client ID, and the Ably Token may only be used to perform operations on behalf of that client ID. The client is then considered to be an identified client
Type: String

Methods

expired?
True when the token has expired
Type: Boolean

Methods

is_expired()
True when the token has expired
Type: Boolean

Methods

IsValidToken()
True if the token has not expired
Type: Boolean

TokenDetails constructors

TokenDetails.fromJsonTokenDetails.from_json

TokenDetails.fromJson(String json) → TokenDetailsTokenDetails.from_json(String json) → TokenDetails

TokenDetails.fromJson(Object json) → TokenDetailsTokenDetails.from_json(Object json) → TokenDetails

A static factory method to create a TokenDetails from a deserialized TokenDetails-like object or a JSON stringified TokenDetails. This method is provided to minimize bugs as a result of differing types by platform for fields such as timestamp or ttl. For example, in Ruby ttl in the TokenDetails object is exposed in seconds as that is idiomatic for the language, yet when serialized to JSON using to_json it is automatically converted to the Ably standard which is milliseconds. By using the fromJson method when constructing a TokenDetails, Ably ensures that all fields are consistently serialized and deserialized across platforms.

Parameters

json
a TokenDetails-like deserialized object or JSON stringified TokenDetails.
Type: Object, String

Returns

A TokenDetails object

TokenParams ObjectARTTokenParamsTokenParams Hashio.ably.lib.rest.Auth.TokenParamsIO.Ably.TokenParams

TokenParams is a plain Javascript object and is used in the parameters of token authentication requests, corresponding to the desired attributes of the Ably Token. The following attributes can be defined on the object:

TokenParams is a Hash object and is used in the parameters of token authentication requests, corresponding to the desired attributes of the Ably Token. The following key symbol values can be added to the Hash:

TokenParams is a Dict and is used in the parameters of token authentication requests, corresponding to the desired attributes of the Ably Token. The following keys-value pairs can be added to the Dict:

TokenParams is an Associative Array and is used in the parameters of token authentication requests, corresponding to the desired attributes of the Ably Token. The following named keys and values can be added to the Associative Array:

TokenParams is used in the parameters of token authentication requests, corresponding to the desired attributes of the Ably Token.

ARTTokenParams is used in the parameters of token authentication requests, corresponding to the desired attributes of the Ably Token.

PropertiesMembersAttributesAttributes

capabilityCapability:capability
JSON stringified capability of the Ably Token. If the Ably Token request is successful, the capability of the returned Ably Token will be the intersection of this capability with the capability of the issuing key. Find our more about how to use capabilities to manage access privileges for clients. Type: StringCapability
clientIdClientIdclient_id:client_id
A client ID, used for identifying this client when publishing messages or for presence purposes. The clientIdclient_idClientId can be any non-empty string. This option is primarily intended to be used in situations where the library is instanced with a key; note that a clientIdclient_idClientId may also be implicit in a token used to instance the library; an error will be raised if a clientIdclient_idClientId specified here conflicts with the clientIdclient_idClientId implicit in the token. Find out more about client identities
Type: String
nonceNonce:nonce
An optional opaque nonce string of at least 16 characters to ensure uniqueness of this request. Any subsequent request using the same nonce will be rejected.
Type: String
timestamptimestamp:timestamp
The timestamp (in milliseconds since the epoch)The timestamp of this request. timestamp, in conjunction with the nonce, is used to prevent requests for Ably Token from being replayed.
Type: IntegerLong IntegerTimeNSDateDateTimeOffset
ttlTtl:ttl
1 hour Requested time to live for the Ably Token being created in millisecondsin secondsas a NSTimeIntervalas a TimeSpan. When omitted, the Ably REST API default of 60 minutes is applied by Ably
Type: Integer (milliseconds)Integer (seconds)NSTimeIntervalLong IntegerTimeSpan

TokenRequest ObjectARTTokenRequestAbly::Models::TokenRequestio.ably.lib.rest.Auth.TokenRequestIO.Ably.TokenRequest

TokenRequest is a type containing parameters for an Ably TokenRequest. Ably Tokens are requested using Auth#requestTokenAuth#request_token

PropertiesMembersAttributes

keyNamekey_nameKeyName
The key name of the key against which this request is made. The key name is public, whereas the key secret is private
Type: String
ttlTtl
Requested time to live for the Ably Token in millisecondsin secondsas a TimeSpan. If the Ably TokenRequest is successful, the TTL of the returned Ably Token will be less than or equal to this value depending on application settings and the attributes of the issuing key.
Type: IntegerTimeSpanNSTimeInterval
timestampTimestamp
The timestamp of this request in milliseconds
Type: IntegerLong IntegerTimeDateTimeOffsetNSDate
capabilityCapability
Capability of the requested Ably Token. If the Ably TokenRequest is successful, the capability of the returned Ably Token will be the intersection of this capability with the capability of the issuing key. The capability is a JSON stringified canonicalized representation of the resource paths and associated operations. Read more about authentication and capabilities
Type: String
clientIdclient_idClientId
The client ID to associate with the requested Ably Token. When provided, the Ably Token may only be used to perform operations on behalf of that client ID
Type: String
nonceNonce
An opaque nonce string of at least 16 characters
Type: String
macMac
The Message Authentication Code for this request
Type: String

TokenRequest constructors

TokenRequest.fromJsonTokenRequest.from_json

TokenRequest.fromJson(String json) → TokenRequestTokenRequest.from_json(String json) → TokenRequest

TokenRequest.fromJson(Object json) → TokenRequestTokenRequest.from_json(Object json) → TokenRequest

A static factory method to create a TokenRequest from a deserialized TokenRequest-like object or a JSON stringified TokenRequest. This method is provided to minimize bugs as a result of differing types by platform for fields such as timestamp or ttl. For example, in Ruby ttl in the TokenRequest object is exposed in seconds as that is idiomatic for the language, yet when serialized to JSON using to_json it is automatically converted to the Ably standard which is milliseconds. By using the fromJson method when constructing a TokenRequest, Ably ensures that all fields are consistently serialized and deserialized across platforms.

Parameters

json
a TokenRequest-like deserialized object or JSON stringified TokenRequest.
Type: Object, String

Returns

A TokenRequest object


Back to top