I’m using inbox from @trycourier/react-inbox and could not find in the documentation how to generate a token for a user to authorize it. Available Scopes don’t seem be complete
I was trying to generate a token on the backend via POST /auth/issue-token with "scope": "user_id:ID inbox:read:messages", but the inbox will make more queries, for example query InitialState and your API will return 401.
One interesting thing is that if this token sent tohttps://api.courier.com/client/q request will always return 401, but query GetInboxMessages to https://fxw3r7gdm9.execute-api.us-east-1.amazonaws.com/production/q will succeed with empty messages:
Hi Andrew, I followed up on a previous thread about the useElementalInbox and useInbox. The scope for useElementalInbox is “inbox:read:messages” which is in beta and isn’t going to work for you right now as mentioned in the other thread.
The scope to use for useInbox should be “read:messages”. There should also be a “write:events” but that seems to be missing, let me check with someone on the events so we can be sure read/unread work correctly.
Hi @riley, I tried useInbox and it worked for me, thank you!
I’m also wondering what permissions I should give to authorize <Inbox /> from @trycourier/react-inbox (you can see code snippet above).
The inbox component makes a lot of requests, not only to get messages, and it can mark messages as read, so there should be some long complex string with permissions to generate this token. I don’t know how to craft it, should I use spaces between permissions like “read:messages read:messageLists write:events”, or some other format, etc. It would be great to see an example in docs
we just have “read:messages” right now, the event one seems to be missing a scope so i’ll need to update that and i think it would be “write:events” as the new inbox api is “inbox:write:events”. also after analyzing the code we should also have “read:brands” aswell as thats included in the initialstate request
although we need to find an update path that doesn’t break people who just did “read:messages”.
i would say it wouldn’t hurt to just do the following as the scope: “read:messages write:events read:brands”