I am trying to use JWT token to access a Stream feed but it is returning 404 everytime.
Token header:
"alg": "HS256"
Token payload:
"resource": "feed",
"action": "read"
The token was generated using the jjwt library and signed using the secret provided in my account dashboard. I also validated it on jwt.io and it was a valid token
GET: https://api.getstream.io/api/v1.0/feed/notification/666?api-key=...
Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJyZXNvdXJjZSI6ImZlZWQiLCJhY3Rpb24iOiJyZWFkIn0.MUZHXQg0UD6jFpCZN5Mn1e7wwys_1qYuVtfBKtHL8QU
"exception": "GetStreamAPI404",
"detail": "sorry you've hit a 404"
Am I missing something here? Can't figure out what the problem is.
In order to perform correct permission checking, you need to include the feed_id
field in your token payload. The value of the field must be the same as the feed that you are trying to read and be in the form of ${feed_group}:${feed_id}
For instance, the payload for the request in your question (https://api.getstream.io/api/v1.0/feed/notification/666?api-key=) should be:
"resource": "feed",
"action": "read",
"feed_id": "notification:666"
Note: API URLs must end with a trailing slash (eg. /api/v1.0/feed/notification/666/?api_key=...)
Auth HTTP headers:
Authorization must only contain the JWT token
stream-auth-type must be sent with the value jwt