I’m using rocket-chat with a custom frontend.
In order to use the realtime API via websocket, I create tokens for the users as follows:
- login with admin credentials vie REST API
- create a user token (https://rocket.chat/docs/developer-guides/rest-api/users/createtoken/)
- pass that token to the client frontend
- client uses this token in order to connect to websocket (https://rocket.chat/docs/developer-guides/realtime-api/method-calls/login/#using-an-authentication-token)
The answer that I receive in step 2 returns the user’s id and a token. When I use this token to connect to the websocket, I receive a message through websocket that says that the admin user has been added instead of the user, the token was generated for.
So the token seems to be the admin’s auth token.
Is this expected behavior or am I doing something wrong?
Thanks in advance