Access Manager v3 is a new cryptographic, token-based permission administrator that allows you to regulate clients' access to PubNub resources.
Access Manager v3 significantly lowers latency and provides higher operational stability. It moves the complexity of the Access Manager logic from the authorization request to the grant request. The new flow guarantees that tokens returned by the grant API will work immediately. It also offers an increased set of security options and improves permission management flexibility.
What are the differences between v2 and v3?
Feature | Access Manager v2 | Access Manager v3 |
Authentication method | Authentication key generated by the client. | Token generated by PubNub upon a grant request made by the server. |
Permissions storage | Permissions are stored as an access control list (ACL) in the database on the PubNub server. | Permissions are embedded in a token (self-contained). |
Permissions expiration | Each resource has its own unique ttl (time to live). | There is one ttl that's set at a token level. |
Authorization check latency | Database lookup is required and that increases latency. | Instant check as permissions are embedded in the token. |
Grant latency | High latency | Low latency - clients can connect immediately after they receive tokens. |
Pattern-based permissions | It supports only one-level wildcard notations (a.*) for the channel resource. | It supports RegEx for channels, groups (channel groups), and userIds. |
Revokes | You can revoke permissions by making a new grant request with changed permissions. | The revokeToken() method allows you to disable an existing token and revoke all permissions embedded within. |
Multiple permission grants | You must make separate API calls for multiple permission sets. | You can make a single API call to define multiple permission sets for a given authorized userId. |
How do I migrate from v2 to v3?
1. Remove authKey from your client-side configuration and prepare the logic to set the token:
Node.js
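    // Client-side configuration: no authKey and no secretKey.
    const pubnub = new PubNub({
      subscribeKey: "mySubscribeKey",
      publishKey: "myPublishKey",
      userId: "myUniqueuserId"
    });

    // Set the token that your server obtained from grantToken().
    pubnub.setToken("yourToken");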
2. Update your server-side grant API code:
Node.js
    // Server-side configuration: secretKey is required to grant tokens.
    const pubnub = new PubNub({
      subscribeKey: 'mySubscribeKey',
      publishKey: 'myPublishKey',
      secretKey: 'secretKey',
      userId: 'myUniqueuserId',
    });

    pubnub.grantToken(
      {
        ttl: 15, // One ttl for the whole token
        authorized_uuid: "myAuthorizeduserId",
        resources: {
          channels: {
            "myChannel": {
              read: true // False to disallow
            }
          }
        }
      },
      function(status, token) {
        console.log(token);
        // Provide logic to return this token to your client
      }
    );
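When a v2 wildcard grant such as a.* is carried over to a v3 RegEx pattern (the "Pattern-based permissions" row above), the same string read as a RegEx covers far more channel names than the wildcard did. The following added example is not PubNub code: it converts a wildcard to an anchored pattern and builds a grantToken() request with the `patterns` field. The helper names and sample channels are hypothetical, and it assumes a.* is meant to cover exactly one further segment after "a.".

```javascript
// Added example, not PubNub code. Assumption: a v2 wildcard "a.*" is meant to
// cover exactly one further dot-separated segment after "a.".

// Escape RegExp metacharacters so channel-name text is matched literally.
function escapeRegExp(text) {
  return text.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// Convert a v2 one-level wildcard ("a.*") to an anchored RegEx source string.
function wildcardToPattern(wildcard) {
  if (!wildcard.endsWith(".*") || wildcard.length < 3) {
    throw new Error("not a one-level wildcard: " + wildcard);
  }
  const prefix = wildcard.slice(0, -1); // keep the trailing dot: "a."
  if (prefix.includes("*")) {
    throw new Error("only a trailing wildcard is supported: " + wildcard);
  }
  return "^" + escapeRegExp(prefix) + "[^.]+$";
}

// Build the grantToken() request body for a list of v2 wildcard grants.
function buildGrantRequest(authorizedId, ttlMinutes, wildcards) {
  const channels = {};
  for (const w of wildcards) {
    channels[wildcardToPattern(w)] = { read: true };
  }
  return { ttl: ttlMinutes, authorized_uuid: authorizedId, patterns: { channels } };
}

// Return the channel names from a list that a pattern covers.
function covered(patternSource, names) {
  const re = new RegExp(patternSource);
  return names.filter((n) => re.test(n));
}

// Constructed sample channel names.
const SAMPLE = ["a.orders", "a.orders.eu", "ab.orders", "admin", "a."];

const request = buildGrantRequest("myAuthorizeduserId", 15, ["a.*"]);
console.log(JSON.stringify(request, null, 2));
console.log("verbatim 'a.*' as RegEx:", covered("a.*", SAMPLE));
console.log("converted pattern:      ", covered(wildcardToPattern("a.*"), SAMPLE));
```

Running the `covered()` check over your real channel names before granting shows exactly which channels a pattern would open up.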
For more information about Access Manager v3, please check:
PubNub Access Manager v3 Migration Guide
Manage Permissions with Access Manager v3
If you have any questions, please contact us at support@pubnub.com.