I'd like to show a global activity feed and the counts of reactions to website visitors (without a user account). My app is using Firebase and React.
What I'd like to have:
- Show a global feed (I'll do this by adding the activities with the "to:" field in each activity) and show it on the start page (no user accounts created so far, read-only)
- Show the counts of likes for each activity (read-only)
- As soon as someone clicks on the follow or like button, I'll require the user to sign in and create an account. The process after this step is straightforward to me. I'll use a Firebase function to create the auth token and use the client side React components to display the feeds and reactions.
I did not find a solution to show the global feed and the count of reactions to visitors who do not have a user auth token.
Some workarounds in my mind:
- One approach would be to create an anonymous Firebase user and the Stream auth token for each website visitor. As soon as the user does an interaction I'd require him to create his account and upgrade the user's account using the Firebase migration process. This is pretty safe from a security perspective, but I would have a lot of anonymous users in the backend.
- Another approach would be to create a global user and use the auth token to show the feed and likes. As soon as someone does an interaction I would require the user to log in. Since no read-only Stream user accounts are available for the activity feed product, this might result in a security issue.
Do you have another solution in mind?
I've found a way to create read-only tokens for the client using the JWTScopeToken helper function. (Feed wide read-only tokens)
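```javascript
// Run this on the server only: the API secret must never be shipped to the browser.
const streamSigner = require('getstream/lib/signing')
const apiSecret = '###APISECRET###'
// Scope: resource 'feed', action 'read', for every feed ('*'), issued to the user id "global".
const clientToken = streamSigner.JWTScopeToken(apiSecret, 'feed', 'read', {'feedId': '*', userId: "global"})
console.log("read-only client token for all feeds", clientToken)
```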
Using this token I can show user and global feeds to new visitors. I do not have to create an anonymous user anymore.
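A server-side check that a token really is limited to feed reads before it is handed to anonymous visitors. This is an added example, not part of the original post or of the getstream library: `signSample` and `auditPublicToken` are hypothetical helpers, the secret and tokens are constructed sample values, and the claim names `resource`, `action`, `feed_id` and `user_id` are an assumption about how the scope token is laid out.

```javascript
const crypto = require('crypto')

const b64url = (s) => Buffer.from(s).toString('base64url')
const hmac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest()

// Builds a constructed HS256 token offline; stands in for the output of JWTScopeToken.
function signSample(payload, secret) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }))
  const signed = `${header}.${b64url(JSON.stringify(payload))}`
  return `${signed}.${hmac(signed, secret).toString('base64url')}`
}

// Returns { problems, expires }. An empty problems list means the token only grants feed reads.
function auditPublicToken(token, secret) {
  const parts = token.split('.')
  if (parts.length !== 3) return { problems: ['not a three-part JWT'], expires: null }
  const [head, body, sig] = parts
  const given = Buffer.from(sig, 'base64url')
  const expected = hmac(`${head}.${body}`, secret)
  // Constant-time comparison; length check first because timingSafeEqual throws on mismatch.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { problems: ['signature does not verify'], expires: null }
  }
  const header = JSON.parse(Buffer.from(head, 'base64url').toString('utf8'))
  const claims = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'))
  const problems = []
  if (header.alg !== 'HS256') problems.push(`unexpected alg ${header.alg}`)
  // Assumed claim names: resource, action, feed_id, user_id.
  if (claims.resource !== 'feed') problems.push(`resource is "${claims.resource}", expected "feed"`)
  if (claims.action !== 'read') problems.push(`action is "${claims.action}", expected "read"`)
  // No exp claim means the token itself never expires; report that to the caller.
  return { problems, expires: claims.exp ? new Date(claims.exp * 1000) : null }
}

// Constructed sample values, not real credentials.
const SAMPLE_SECRET = 'constructed-secret-for-demo'
const readOnly = signSample(
  { resource: 'feed', action: 'read', feed_id: '*', user_id: 'global' }, SAMPLE_SECRET)
const tooBroad = signSample(
  { resource: '*', action: '*', feed_id: '*', user_id: 'global' }, SAMPLE_SECRET)

console.log('read-only token:', auditPublicToken(readOnly, SAMPLE_SECRET))
console.log('wildcard token:', auditPublicToken(tooBroad, SAMPLE_SECRET))
```

Running the audit in the function that mints the public token catches a wildcard `resource` or `action` before the token reaches a browser, where anyone can copy it.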