User data authorization

Alexander Boldyrev edited this page Jun 27, 2025 · 2 revisions

There are three possible options for user data authorization, which can be selected on the application profile configuration page.

Security settings

Allow all mobile SDK requests

This is the default option. When selected, all API requests the SDK makes will be authorized using the application code.

Allow only mobile SDK requests with JSON Web Tokens (JWT) authorization

When this option is selected, certain backend API calls made by the SDK will require authorization with a securely signed JWT. To implement this option, you need to provide a JWT to the Mobile Messaging SDK, either during initialization or later using the setter method. The external user ID of the person is also required to generate the token.

    import 'package:infobip_mobilemessaging/infobip_mobilemessaging.dart';
    import 'package:infobip_mobilemessaging/models/configurations/configuration.dart' as mmconf;

    // The wrapper function name is illustrative; `await` needs an async context.
    Future<void> configureMobileMessaging() async {
      // Supply JWT on init
      await InfobipMobilemessaging.init(
        mmconf.Configuration(
          applicationCode: 'your-app-code',
          userDataJwt: 'some-valid-jwt',
          // other params
        ),
      );

      // Supply JWT using setter
      await InfobipMobilemessaging.setUserDataJwt('another-valid-jwt');
    }

The JWT should be generated on and fetched from your backend. If there is no external user ID, the JWT must not be set; in that case the person is treated as anonymous and API key authorization will be used.

Notice

If your application is configured to use JWT for authorization and the provided JWT is null, the Mobile Messaging personalization method will not work: in this case you must supply the external user ID as part of the user identity, together with a JWT created with that same external user ID. Other SDK methods will work as expected, except that the external user ID cannot be updated in any way other than with the personalization method.

Before making the API call, the SDK will validate the provided token for structure and expiration. If the token fails validation, no API call will be made. It is recommended to check for such validation errors in the callback functions that you can provide as a parameter to Mobile Messaging SDK functions.

Example with the saveUser function:

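    import 'dart:developer'; // log()
    import 'package:flutter/services.dart'; // PlatformException

    // The wrapper function name is illustrative; `currentUser` is your user object.
    Future<void> saveUserWithJwtChecks(currentUser) async {
      try {
        await InfobipMobilemessaging.saveUser(currentUser);
      } on PlatformException catch (e) {
        switch (e.code) {
          case 'JWT_TOKEN_EXPIRED':
            {
              // the provided token has expired, check the `exp` parameter
            }
            break;
          case 'JWT_TOKEN_STRUCTURE_INVALID':
            {
              // the token has an invalid structure, check e.mm_message for more details
            }
            break;
          default:
            {
              // another error happened, e.g. `UNATHORIZED`
              log('MobileMessaging: error is $e');
            }
            break;
        }
      }
    }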

The required structure of the JWT and an example of how to generate it can be found in the JSON Web Token (JWT) structure and generation example article. The SDK functionalities that require JWT authorization are fetchUser, patchUser, and personalize.
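An added example, not code from the SDK or the original page: a wrapper that reacts to the `JWT_TOKEN_EXPIRED` code by fetching a new token from your backend, passing it to `setUserDataJwt`, and retrying once. `JwtFetcher`, `looksUsable` and `withFreshJwt` are hypothetical names, the 30-second leeway and the `exp`-in-seconds reading are assumptions, and the local check covers only structure and expiry, not the signature.

```dart
import 'dart:convert';

import 'package:flutter/services.dart' show PlatformException;
import 'package:infobip_mobilemessaging/infobip_mobilemessaging.dart';

/// Hypothetical callback: asks your own backend for a freshly signed JWT.
typedef JwtFetcher = Future<String> Function();

/// Local pre-check only: three dot-separated segments and an unexpired `exp`.
/// It does not verify the signature, so it grants no trust in the token.
bool looksUsable(String jwt, {Duration leeway = const Duration(seconds: 30)}) {
  final parts = jwt.split('.');
  if (parts.length != 3) return false;
  try {
    final payload = jsonDecode(
      utf8.decode(base64Url.decode(base64Url.normalize(parts[1]))),
    );
    if (payload is! Map || payload['exp'] is! num) return false;
    final expiry = DateTime.fromMillisecondsSinceEpoch(
      (payload['exp'] as num).toInt() * 1000, // assumed: seconds since epoch
      isUtc: true,
    );
    return expiry.isAfter(DateTime.now().toUtc().add(leeway));
  } on FormatException {
    return false; // bad base64url, bad UTF-8 or bad JSON
  }
}

/// Runs [call]; on JWT_TOKEN_EXPIRED fetches a new token once and retries.
Future<T> withFreshJwt<T>(Future<T> Function() call, JwtFetcher fetchJwt) async {
  try {
    return await call();
  } on PlatformException catch (e) {
    if (e.code != 'JWT_TOKEN_EXPIRED') rethrow;
    final jwt = await fetchJwt();
    if (!looksUsable(jwt)) {
      // Do not hand the SDK a token it would reject again.
      throw StateError('Backend returned an unusable JWT');
    }
    await InfobipMobilemessaging.setUserDataJwt(jwt);
    return await call(); // single retry; a second failure propagates
  }
}
```

Call it as `withFreshJwt(() => InfobipMobilemessaging.saveUser(currentUser), fetchJwtFromBackend)`, where `fetchJwtFromBackend` is your own function.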

Disallow all mobile SDK requests

With this option, personal information can be modified only through the Contact Information API.