ably-js icon indicating copy to clipboard operation
ably-js copied to clipboard
verified publisher icon ably

Web push client always needs 'Push Admin' capability.

Open sdg9670f opened this issue 1 year ago • 2 comments

When a web client tries to register a worker, the client must send a request to /push/publicVapidKey. The response was a 401 error

{
	"error": {
		"message": "action not permitted, app = PgluIg",
		"code": 40160,
		"statusCode": 401,
		"nonfatal": false,
		"href": "https://help.ably.io/error/40160",
		"serverId": "frontend.7d6a.2.ap-southeast-1-A.i-06841de5220e02174.a2dzMIR8QBfHVr"
	}
}

I discovered that the API requires 'Push Admin' capability. so, Web push always requires 'Push Admin' capability.

I think it's too much permission for the client.

┆Issue is synchronized with this Jira Task by Unito

sdg9670f avatar Aug 16 '24 05:08 sdg9670f

Hey @sdg9670f,

Thank you very much for reporting this! I can confirm that it’s not correct. We are working on a fix, and I’ll let you know once it’s rolled out

ttypic avatar Aug 16 '24 11:08 ttypic

The fix is implemented on our backend and will be rolled out early next week

ttypic avatar Aug 28 '24 12:08 ttypic