How to manage Auth Tokens

The CometChat docs say to store the Auth Token in our database. However, one auth token is valid per user per device. So this auth token will fail if the user logs in with a device other than the one he signed up with.

Of course, you could create an Auth Token each time the user logs in and delete it when they log out. However, that will increase pricing because each Auth Token is considered a MAU (Monthly Active User).

Ideally, we would create only 1 Auth Token per device, correct? Does the API automatically prevent duplicate Auth Tokens for the same device? Is this the behavior when I set force to false as mentioned in docs?

Hi @vcamp

The same authToken can be reused with multiple devices and it will still work. However, with this, the push notifications will work only for the most recently logged-in device. Also, we will be updating our documentation to discourage developers from storing the authToken in the DB, as it has issues with multi-device push notifications.

You can create an authToken every time a user logs in and delete it when they log out. It doesn’t affect the MAU count, as MAU is calculated as distinct UIDs active for a month, not the authTokens.

Yes, ideally one authToken is created per device via the CometChat SDK, and it prevents duplicate authTokens per device. You are right, this is the behavior when force is set to false.

Thank you, all makes sense.

  1. How do we get the current device Auth Token? We have the endpoints for getting an auth token given an auth token id, and listing all auth tokens given a UID, but I don’t see an endpoint for filtering the current device auth token.

  2. Please provide me with the latest information on how MAU is calculated (are they active even if they don’t send a message?). It appears the information in this post is outdated.

Thank you.


Hello @vcamp,

  1. There isn’t any REST API endpoint for filtering the current device auth token.
    Can you please let us know why you need this, so that we can help you further?

  2. MAU is calculated as distinct UIDs active for a month.
    A user is marked as active, even if they haven’t sent a message
    since the SDKs are still listening to the real-time events.


Hi @siva.nadar,

Yes, it was recommended by @ketan.yekale to “create an authToken every time users logs in and delete it when they log out.” To implement, I would need to delete the authToken for the device they logged out of. How do I delete an auth token for only the device they logged out of?

> A user is marked as active, even if they haven’t sent a message
> since the SDKs are still listening to the real-time events.

The Pricing page says “a monthly active user (MAU) is a user that has performed any activity on CometChat in the last 30 days.” Please explain what is meant by activity. Thank you sir.

Hello @vcamp,

You do not have to explicitly delete the authToken using the REST API since this is already managed by the SDK.
You simply have to use the CometChat.logout() function.

Basically, any user that logs in via the SDK is considered an active user, irrespective of whether they send a message or not. So login to CometChat is considered an activity.


@siva.nadar

I’m using the CometChat Widget.

The method I’m calling is:
CometChatWidget.logout()

The user is logged out successfully, but the Auth Token is not deleted. Please advise.

Hello @vcamp,

There is no need to delete the auth tokens explicitly.
The MAU calculation is based on distinct UIDs and NOT authTokens.
Any specific reason to delete the auth token on logout?


@siva.nadar

I see, thank you. This comment said to delete the auth token:

> You can create an authToken every time users logs in and delete it when they log out.

But if it’s not necessary to delete it explicitly, then I won’t, as you said.

Thank you.
