Can't refresh token via client call – permission denied

It seems like it’s impossible to grant access to the current token modification. I want to be able to let my users refresh their token and mark the old one as the used one. Is there a common path on this road? Is creating a separate “token” collection for this purpose the only way?

This looks related to your earlier question: Server role has insufficient privileges

You can provide permission to Tokens and Keys in a custom Role.

CreateRole({
  name: "RoleToUpdateTokens",
  privileges: [
    {
      resource: Tokens(),
      actions: {
        read: true,
        write: true,
        create: true,
        delete: true,
        history_read: true,
        history_write: true
      }
    }
  ],
  membership: []
})

Thank you!

But I don’t want the user to be able to mess with tokens directly. I want him to be able to call only a UDF that does exactly what I want. Otherwise, the user may manually make his token live forever or delete all the tokens, etc.
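
The design asked for in the last post, sketched as an added example that is not part of the original thread: the `Tokens()` privileges sit on a role attached to the UDF, and the end-user role can only call that UDF. It uses the same FQL v4 syntax as the role above; the role names, the function name `refresh_token`, the `users` collection and the one-hour lifetime are assumptions.

```fql
// Role the UDF runs with: the only place Tokens() privileges are granted.
CreateRole({
  name: "RefreshTokenFunctionRole",        // hypothetical name
  privileges: [
    {
      resource: Tokens(),
      actions: { read: true, write: true, create: true }   // no delete, no history
    }
  ]
})

// UDF with no parameters, so the caller cannot pick the identity or the ttl.
CreateFunction({
  name: "refresh_token",                   // hypothetical name
  role: Role("RefreshTokenFunctionRole"),
  body: Query(
    Lambda(
      [],
      Let(
        {
          // Issue the replacement, bound to the caller's own identity.
          fresh: Create(Tokens(), {
            instance: CurrentIdentity(),
            ttl: TimeAdd(Now(), 1, "hour") // assumed lifetime
          }),
          // Mark the token that made this call as used.
          old: Update(CurrentToken(), { data: { used: true } })
        },
        // The secret is only available in the Create response.
        { secret: Select("secret", Var("fresh")) }
      )
    )
  )
})

// Role for end users: may call the UDF, has no privilege on Tokens().
CreateRole({
  name: "UserRole",                        // hypothetical name
  membership: [{ resource: Collection("users") }],   // assumed collection
  privileges: [
    { resource: Function("refresh_token"), actions: { call: true } }
  ]
})
```

With this split, a user token evaluating `Update(CurrentToken(), ...)` or `Delete(...)` on a token directly is denied, while `Call(Function("refresh_token"))` succeeds.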
