Can a client emulate any client ID i.e. authenticate using a wildcard client ID?

Typically, when using the recommend token authentication scheme for clients, a client ID is assigned in one of the following ways:

 

 

  • An explicit clientId string is provided when creating the token.  Clients using that token are restricted to operations for only that clientId and all operations will implicitly contain that clientId. For example, when publishing a message, the clientId attribute of the message will be prepopulated with that clientId. Entering presence will too implicitly use that clientId.
  • No clientId is provided when creating the token.  Clients using that token will not be permitted to assume an identity and all operations will be assumed to come from an unidentified client i.e. the clientId attribute will be omitted from any messages published.  Unidentified clients are not permitted to participate in presence.
  • The wildcard clientId string "*" is provided when creating the token.  Client using that token are able to assume any identity in all operations including publish messages and entering presence.  See managing multiple client IDs of the presence documentation for more info.

 

Find out more about Ably's authentication schemes in the documentation.