Access control & data security

Authentication and authorization mechanisms in your chat app let you decide who can access what resources based on identity and permissions.

Additonal security measures let you send and receive messages and files through your chat app, preventing unauthorized users from accessing that data.

User authentication

In your chat app, you need to have a process of verifying the identity of all users, ensuring that they are who they claim to be.

Unity Chat SDK doesn't provide a built-in authentication mechanism, and you'll need to implement user verification in your app on your own. Typically, this could involve a login system where users provide their credentials (username and password), token-based authentication, Single Sign-On (SSO), two-factor authentication (2FA), or external authentication services like OAuth.

User authorization

A chat app will require an authorization mechanism granting or denying access to specific PubNub resources or functionalities based on the authenticated user's permissions and privileges.

This way, you don't let your chat users delete or modify each other's metadata, publish messages on private channels, or remove messages that other chat members wrote.

Unity Chat SDK provides authorization in your chat app through Access Manager - a secure, token-based permission administrator that lets you regulate clients' access to such PubNub resources as channels and users. By making a single call to Access Manager API, you can define multiple user permissions saying who can do what with your client or server app data.

Depending on whether you create a client or server app, there are three possible actors involved in the authorization cycle: PubNub (server), your own server, and a client device. For more details, read the authorization workflow.

Enable Access Manager

Access Manager is not enabled by default. To use it in your app, you must allow it on your app's keyset in the Admin Portal and then initialize the Unity Chat SDK with SecretKey. Access Manager is available in Unity SDK, not Unity Chat SDK.

Token permissions

When you use Access Manager, your client application will receive a token that governs the access levels and types of operations you can perform. The CanI() method checks if a client has permissions to perform a specific action on a given resource.

Method signature

chatAccessManager.CanI(
PubnubAccessPermission permission,
PubnubAccessResourceType resourceType,
string resourceName
)

Input

ParameterTypeRequiredDescription
permissionPubnubAccessPermissionYesThe operation type to check if the current user has permissions for.
resourceTypePubnubAccessResourceTypeYesThe resource type to check if the current user has permissions for.
resourceNamestringYesThe name of the resource, for example, a channel name or a user ID.
  • PubnubAccessPermission

    public enum PubnubAccessPermission
    {
    Read,
    Write,
    Manage,
    Delete,
    Get,
    Join,
    Update
    }
  • PubnubAccessResourceType

        public enum PubnubAccessResourceType
    {
    Uuids,
    Channels
    }

Output

TypeDescription
boolWhether or not the client has permissions to perform the requested operation on the requested resource.

Basic usage

Check if the current user can send messages to the support channel.

// get the  ChatAccessManager instance
var chatAccessManager = chat.ChatAccessManager;

// define the permissions, resource type, and resource name
PubnubAccessPermission permissionToCheck = PubnubAccessPermission.Write;
PubnubAccessResourceType resourceTypeToCheck = PubnubAccessResourceType.Channels;
string channelName = "support";

// check if the current user can send (write) messages to the 'support' channel
bool canSendMessage = chatAccessManager.CanI(permissionToCheck, resourceTypeToCheck, channelName);

// output the result
if (canSendMessage)
{
Console.WriteLine("The current user has permission to send messages to the 'support' channel.");
show all 20 lines
Last updated on