How to create auth token for the inbox?

I’m using inbox from @trycourier/react-inbox and could not find in the documentation how to generate a token for a user to authorize it. Available Scopes don’t seem be complete

I was trying to generate a token on the backend via POST /auth/issue-token with "scope": "user_id:ID inbox:read:messages", but the inbox will make more queries, for example query InitialState and your API will return 401.
One interesting thing is that if this token sent to request will always return 401, but query GetInboxMessages to will succeed with empty messages:

    "totalCount": 0,
    "pageInfo": {
        "startCursor": null,
        "hasNextPage": false,
        "__typename": "PageInfo"
    "nodes": [],
    "__typename": "InboxConnection"

Look at my other ticket where I described this strange behavior with different enpoints React SDK is not in sync with Courier API

The code I’m trying to get working:

import { Inbox } from '@trycourier/react-inbox';
import { CourierProvider } from '@trycourier/react-provider';

export default function CourierInbox() {
  return (
        <Inbox />

Hi Andrew, I followed up on a previous thread about the useElementalInbox and useInbox. The scope for useElementalInbox is “inbox:read:messages” which is in beta and isn’t going to work for you right now as mentioned in the other thread.

The scope to use for useInbox should be “read:messages”. There should also be a “write:events” but that seems to be missing, let me check with someone on the events so we can be sure read/unread work correctly.

Hi @riley, I tried useInbox and it worked for me, thank you!
I’m also wondering what permissions I should give to authorize <Inbox /> from @trycourier/react-inbox (you can see code snippet above).
The inbox component makes a lot of requests, not only to get messages, and it can mark messages as read, so there should be some long complex string with permissions to generate this token. I don’t know how to craft it, should I use spaces between permissions like “read:messages read:messageLists write:events”, or some other format, etc. It would be great to see an example in docs

we just have “read:messages” right now, the event one seems to be missing a scope so i’ll need to update that and i think it would be “write:events” as the new inbox api is “inbox:write:events”. also after analyzing the code we should also have “read:brands” aswell as thats included in the initialstate request

although we need to find an update path that doesn’t break people who just did “read:messages”.

i would say it wouldn’t hurt to just do the following as the scope: “read:messages write:events read:brands”