ably-java icon indicating copy to clipboard operation
ably-java copied to clipboard
verified publisher icon ably

accessToken query param used when AblyRealtime is instantiated with an incorrect API key

Open mclark-ably opened this issue 1 year ago • 2 comments

Bit of a minor but found a strange behaviour when using ably-java

if the following is used (with an incorrect API key) :

ClientOptions options = new ClientOptions("1234");
options.logLevel = Log.VERBOSE;
AblyRealtime realtime = new AblyRealtime(options);

The request is made to wss://realtime.ably.io:443/?accessToken=1234 and the error is trying to be made with a token (ERROR): io.ably.lib.transport.ConnectionManager: onMessage(): ERROR message received; message = Invalid accessToken in request: 1234. (See https://help.ably.io/error/40005 for help.); code = 40005

However with the following:

ClientOptions options = new ClientOptions();
options.logLevel = Log.VERBOSE;
options.key = "12234";
AblyRealtime realtime = new AblyRealtime(options);

The request is made to wss://realtime.ably.io:443/?key=12234 and the error is (ERROR): io.ably.lib.transport.ConnectionManager: onMessage(): ERROR message received; message = Invalid key in request: 12234. (See https://help.ably.io/error/40005 for help.); code = 40005

looks like it comes from the logic in the AuthOptions constructor which sets the client to use token auth if no colon is found in the passed in string https://github.com/ably/ably-java/blob/e0e23176c717406f0c9a0e96752b6dc8d6663e47/lib/src/main/java/io/ably/lib/rest/Auth.java#L184

┆Issue is synchronized with this Jira Task by Unito

mclark-ably avatar Aug 19 '24 12:08 mclark-ably

I don't think it's a bug. The implementation is definitely non-obvious, but we're not going to change it because it would be a breaking change, and some SDK users might rely on this behavior. With the next major release we are going to get rid of public properties in classes and provide idiomatic builders instead.

ttypic avatar Aug 19 '24 19:08 ttypic

Thanks @ttypic it was just confusing to see that the SDK logged that it was using token auth e.g.

I/System.out(18365): (INFO): Auth(): using token auth with supplied token only

when the client was instantiated like this (this was from a flutter client on Android)

var clientOptions = ably.ClientOptions(
        key: Env.ablyApiKey,
      );

mclark-ably avatar Aug 21 '24 08:08 mclark-ably