Hi guys,
I would like to restrict the access to channels and manage it with my own rbac layer on my api side.
Is it possible to just disable the join functionality, and handle channel joins via a server-to-server application?
This is a real decision maker for us, to use amity or not.
Since we want to handle multi-tenancy data in one application - we need to be able to restrict channel joins for specific users - best way would be to just let our server handle channelJoins and deny the channel join from client => to amity.co
Would be great when somebody has an idea!
Thank you very much in advance!
Hello @jdde have you checked on our conversation channel type? does it suit your use case? Which platform are you planning to implement? so I can provide the right document for you :))
We’re implementing our client in flutter, but it basically doesn’t matter for the use-case.
We could integrate any api endpoint by ourselves.
The problem with the conversational channel type, is that we have to add a new users to all those conversations, when he registers.
means we would have many conversational channels with > 50 users.
When this is not a problem, and we could just sync people into a conversation/adding users into a conversation on amity’s side, that’s fine.
Hello, just tested it - unfortunately an admin cant add users to a conversation channel.
Those requests just result in a 403 with message “Can’t add users in the conversation channel”
Hi @jdde another type of channels that would suit your requirement would be “Live” type, it will allow admin to manage channel: Channel Management - Amity Docs
Good morning
Yess, I already saw that, the core problem is, that there cant be an authorization layer in front of the channel. When I know the channelId, I’m able to join the room, no matter what user I am.
That’s why it would be great if you guys could take that into consideration, to just deactivate the channel join endpoint. Then, in our case, we could easily handle it via admin api to just assign users to channels, basically we would handle the join logic on our side - then its way more secure
would be great!
For now we will probably use live channels & webhooks do ban users from channels, when they’re joining a channel, which they shouldn’t join.
Morning @jdde, yes, unfortunately, that’s how the live channel is designed. To deactivate channel join endpoint is impossible at the moment, since, it will apply to other users as well
