ably 1.0.6 → 1.1.3

data/lib/ably/rest/middleware/parse_message_pack.rb

@@ -10,6 +10,14 @@ module Ably
             env.body = parse(env.body) unless env.response_headers['Ably-Middleware-Parsed'] == true
             env.response_headers['Ably-Middleware-Parsed'] = true
           end
+        rescue Ably::Exceptions::InvalidResponseBody => e
+          debug_info = {
+            method: env.method,
+            url: env.url,
+            base64_body: base64_body(env.body),
+            response_headers: env.response_headers
+          }
+          raise Ably::Exceptions::InvalidResponseBody, "#{e.message}\nRequest env: #{debug_info}"
         end
 
         def parse(body)
@@ -18,8 +26,16 @@ module Ably
           else
             body
           end
+        rescue MessagePack::UnknownExtTypeError => e
+          raise Ably::Exceptions::InvalidResponseBody, "MessagePack::UnknownExtTypeError body could not be decoded: #{e.message}. Got Base64:\n#{base64_body(body)}"
         rescue MessagePack::MalformedFormatError => e
-          raise Ably::Exceptions::InvalidResponseBody, "Expected MessagePack response: #{e.message}"
+          raise Ably::Exceptions::InvalidResponseBody, "MessagePack::MalformedFormatError body could not be decoded: #{e.message}. Got Base64:\n#{base64_body(body)}"
+        end
+
+        def base64_body(body)
+          Base64.encode64(body)
+        rescue => err
+          "[#{err.message}! Could not base64 encode body: '#{body}']"
         end
       end
     end

data/lib/ably/rest/presence.rb

@@ -5,6 +5,7 @@ module Ably
 
       # {Ably::Rest::Client} for this Presence object
       # @return {Ably::Rest::Client}
+      # @private
       attr_reader :client
 
       # {Ably::Rest::Channel} this Presence object is associated with

data/lib/ably/rest/push.rb

@@ -0,0 +1,42 @@
+require 'ably/rest/push/admin'
+
+module Ably
+  module Rest
+    # Class providing push notification functionality
+    class Push
+      include Ably::Modules::Conversions
+
+      # @private
+      attr_reader :client
+
+      def initialize(client)
+        @client = client
+      end
+
+      # Admin features for push notifications like managing devices and channel subscriptions
+      # @return [Ably::Rest::Push::Admin]
+      def admin
+        @admin ||= Admin.new(self)
+      end
+
+      # Activate this device for push notifications by registering with the push transport such as GCM/APNS
+      #
+      # @note This is unsupported in the Ruby library
+      def activate(*arg)
+        raise_unsupported
+      end
+
+      # Deactivate this device for push notifications by removing the registration with the push transport such as GCM/APNS
+      #
+      # @note This is unsupported in the Ruby library
+      def deactivate(*arg)
+        raise_unsupported
+      end
+
+      private
+      def raise_unsupported
+        raise Ably::Exceptions::PushNotificationsNotSupported, 'This device does not support receiving or subscribing to push notifications. All PushChannel methods are unavailable'
+      end
+    end
+  end
+end

data/lib/ably/rest/push/admin.rb

@@ -0,0 +1,54 @@
+require 'ably/rest/push/device_registrations'
+require 'ably/rest/push/channel_subscriptions'
+
+module Ably::Rest
+  class Push
+    # Class providing push notification administrative functionality
+    # for registering devices and attaching to channels etc.
+    class Admin
+      include Ably::Modules::Conversions
+
+      # @api private
+      attr_reader :client
+
+      # @api private
+      attr_reader :push
+
+      def initialize(push)
+        @push = push
+        @client = push.client
+      end
+
+      # Publish a push message directly to a single recipient
+      #
+      # @param recipient [Hash] A recipient device, client_id or raw APNS/GCM target. Refer to push documentation
+      # @param data      [Hash] The notification payload data and fields. Refer to push documentation
+      #
+      # @return [void]
+      #
+      def publish(recipient, data)
+        raise ArgumentError, "Expecting a Hash object for recipient, got #{recipient.class}" unless recipient.kind_of?(Hash)
+        raise ArgumentError, "Recipient data is empty. You must provide recipient details" if recipient.empty?
+        raise ArgumentError, "Expecting a Hash object for data, got #{data.class}" unless data.kind_of?(Hash)
+        raise ArgumentError, "Push data field is empty. You must provide attributes for the push notification" if data.empty?
+
+        publish_data = data.merge(recipient: IdiomaticRubyWrapper(recipient))
+        # Co-erce to camelCase for notitication fields which are always camelCase
+        publish_data[:notification] = IdiomaticRubyWrapper(data[:notification]) if publish_data[:notification].kind_of?(Hash)
+        client.post('/push/publish', publish_data)
+      end
+
+      # Manage device registrations
+      # @return [Ably::Rest::Push::DeviceRegistrations]
+      def device_registrations
+        @device_registrations ||= DeviceRegistrations.new(self)
+      end
+
+      # Manage channel subscriptions for devices or clients
+      # @return [Ably::Rest::Push::ChannelSubscriptions]
+      def channel_subscriptions
+        @channel_subscriptions ||= ChannelSubscriptions.new(self)
+      end
+    end
+  end
+end

data/lib/ably/rest/push/channel_subscriptions.rb

@@ -0,0 +1,121 @@
+module Ably::Rest
+  class Push
+    # Manage push notification channel subscriptions for devices or client identifiers
+    class ChannelSubscriptions
+      include Ably::Modules::Conversions
+
+      # @api private
+      attr_reader :client
+
+      # @api private
+      attr_reader :admin
+
+      def initialize(admin)
+        @admin = admin
+        @client = admin.client
+      end
+
+      # List channel subscriptions filtered by optional params
+      #
+      # @param [Hash] params   the filter options for the list channel subscription request. At least one of channel, client_id or device_id is required
+      # @option params [String]   :channel    filter by realtime pub/sub channel name
+      # @option params [String]   :client_id  filter by devices registered to a client identifier. If provided with device_id param, a concat operation is used so that any device with this client_id or provided device_id is returned.
+      # @option params [String]   :device_id  filter by unique device ID. If provided with client_id param, a concat operation is used so that any device with this device_id or provided client_id is returned.
+      # @option params [Integer]  :limit      maximum number of subscriptions to retrieve up to 1,000, defaults to 100
+      #
+      # @return [Ably::Models::PaginatedResult<Ably::Models::PushChannelSubscription>]  Paginated list of matching {Ably::Models::PushChannelSubscription}
+      #
+      def list(params)
+        raise ArgumentError, "params must be a Hash" unless params.kind_of?(Hash)
+
+        if (IdiomaticRubyWrapper(params).keys & [:channel, :client_id, :device_id]).length == 0
+          raise ArgumentError, "at least one channel, client_id or device_id filter param must be provided"
+        end
+
+        params = params.clone
+
+        paginated_options = {
+          coerce_into: 'Ably::Models::PushChannelSubscription',
+          async_blocking_operations: params.delete(:async_blocking_operations),
+        }
+
+        response = client.get('/push/channelSubscriptions', IdiomaticRubyWrapper(params).as_json)
+
+        Ably::Models::PaginatedResult.new(response, '', client, paginated_options)
+      end
+
+      # List channels with at least one subscribed device
+      #
+      # @param [Hash] params   the options for the list channels request
+      # @option params [Integer]  :limit      maximum number of channels to retrieve up to 1,000, defaults to 100
+      #
+      # @return [Ably::Models::PaginatedResult<String>]  Paginated list of matching {Ably::Models::PushChannelSubscription}
+      #
+      def list_channels(params = {})
+        params = {} if params.nil?
+        raise ArgumentError, "params must be a Hash" unless params.kind_of?(Hash)
+
+        params = params.clone
+
+        paginated_options = {
+          coerce_into: 'String',
+          async_blocking_operations: params.delete(:async_blocking_operations),
+        }
+
+        response = client.get('/push/channels', IdiomaticRubyWrapper(params).as_json)
+
+        Ably::Models::PaginatedResult.new(response, '', client, paginated_options)
+      end
+
+      # Save push channel subscription for a device or client ID
+      #
+      # @param [Ably::Models::PushChannelSubscription,Hash]   push_channel_subscription   the push channel subscription details to save
+      #
+      # @return [void]
+      #
+      def save(push_channel_subscription)
+        push_channel_subscription_object = PushChannelSubscription(push_channel_subscription)
+        raise ArgumentError, "Channel is required yet is empty" if push_channel_subscription_object.channel.to_s.empty?
+
+        client.post("/push/channelSubscriptions", push_channel_subscription_object.as_json)
+      end
+
+      # Remove a push channel subscription
+      #
+      # @param [Ably::Models::PushChannelSubscription,Hash]   push_channel_subscription   the push channel subscription details to remove
+      #
+      # @return [void]
+      #
+      def remove(push_channel_subscription)
+        push_channel_subscription_object = PushChannelSubscription(push_channel_subscription)
+        raise ArgumentError, "Channel is required yet is empty" if push_channel_subscription_object.channel.to_s.empty?
+        if push_channel_subscription_object.client_id.to_s.empty? && push_channel_subscription_object.device_id.to_s.empty?
+          raise ArgumentError, "Either client_id or device_id must be present"
+        end
+
+        client.delete("/push/channelSubscriptions", push_channel_subscription_object.as_json)
+      end
+
+      # Remove all matching push channel subscriptions
+      #
+      # @param [Hash] params   the filter options for the list channel subscription request. At least one of channel, client_id or device_id is required
+      # @option params [String]   :channel    filter by realtime pub/sub channel name
+      # @option params [String]   :client_id  filter by devices registered to a client identifier. If provided with device_id param, a concat operation is used so that any device with this client_id or provided device_id is returned.
+      # @option params [String]   :device_id  filter by unique device ID. If provided with client_id param, a concat operation is used so that any device with this device_id or provided client_id is returned.
+      #
+      # @return [void]
+      #
+      def remove_where(params)
+        raise ArgumentError, "params must be a Hash" unless params.kind_of?(Hash)
+
+        if (IdiomaticRubyWrapper(params).keys & [:channel, :client_id, :device_id]).length == 0
+          raise ArgumentError, "at least one channel, client_id or device_id filter param must be provided"
+        end
+
+        params = params.clone
+
+        client.delete("/push/channelSubscriptions", IdiomaticRubyWrapper(params).as_json)
+      end
+    end
+  end
+end

data/lib/ably/rest/push/device_registrations.rb

@@ -0,0 +1,103 @@
+module Ably::Rest
+  class Push
+    # Manage device registrations for push notifications
+    class DeviceRegistrations
+      include Ably::Modules::Conversions
+
+      # @api private
+      attr_reader :client
+
+      # @api private
+      attr_reader :admin
+
+      def initialize(admin)
+        @admin = admin
+        @client = admin.client
+      end
+
+      # Get registered device by device ID
+      #
+      # @param [String, Ably::Models::DeviceDetails] device_id   the device to retrieve
+      #
+      # @return [Ably::Models::DeviceDetails]  Returns {Ably::Models::DeviceDetails} if a match is found else a {Ably::Exceptions::ResourceMissing} is raised
+      #
+      def get(device_id)
+        device_id = device_id.id if device_id.kind_of?(Ably::Models::DeviceDetails)
+        raise ArgumentError, "device_id must be a string or DeviceDetails object" unless device_id.kind_of?(String)
+
+        DeviceDetails(client.get("/push/deviceRegistrations/#{device_id}").body)
+      end
+
+      # List registered devices filtered by optional params
+      #
+      # @param [Hash] params   the filter options for the list registered device request
+      # @option params [String]   :client_id  filter by devices registered to a client identifier. Cannot be used with +device_id+ param
+      # @option params [String]   :device_id  filter by unique device ID. Cannot be used with +client_id+ param
+      # @option params [Integer]  :limit      maximum number of devices to retrieve up to 1,000, defaults to 100
+      #
+      # @return [Ably::Models::PaginatedResult<Ably::Models::DeviceDetails>]  Paginated list of matching {Ably::Models::DeviceDetails}
+      #
+      def list(params = {})
+        params = {} if params.nil?
+        raise ArgumentError, "params must be a Hash" unless params.kind_of?(Hash)
+        raise ArgumentError, "device_id filter cannot be specified alongside a client_id filter. Use one or the other" if params[:client_id] && params[:device_id]
+
+        params = params.clone
+
+        paginated_options = {
+          coerce_into: 'Ably::Models::DeviceDetails',
+          async_blocking_operations: params.delete(:async_blocking_operations),
+        }
+
+        response = client.get('/push/deviceRegistrations', IdiomaticRubyWrapper(params).as_json)
+
+        Ably::Models::PaginatedResult.new(response, '', client, paginated_options)
+      end
+
+      # Save and register device
+      #
+      # @param [Ably::Models::DeviceDetails, Hash]  device   the device details to save
+      #
+      # @return [void]
+      #
+      def save(device)
+        device_details = DeviceDetails(device)
+        raise ArgumentError, "Device ID is required yet is empty" if device_details.id.nil? || device_details == ''
+
+        client.put("/push/deviceRegistrations/#{device_details.id}", device_details.as_json)
+      end
+
+      # Remove device
+      #
+      # @param [String, Ably::Models::DeviceDetails]  device_id  the device to remove
+      #
+      # @return [void]
+      #
+      def remove(device_id)
+        device_id = device_id.id if device_id.kind_of?(Ably::Models::DeviceDetails)
+        raise ArgumentError, "device_id must be a string or DeviceDetails object" unless device_id.kind_of?(String)
+
+        client.delete("/push/deviceRegistrations/#{device_id}", {})
+      end
+
+      # Remove device matching where params
+      #
+      # @param [Hash] params   the filter params for the remove request
+      # @option params [String]   :client_id  remove devices registered to a client identifier. Cannot be used with +device_id+ param
+      # @option params [String]   :device_id  remove device with this unique device ID. Cannot be used with +client_id+ param
+      #
+      # @return [void]
+      #
+      def remove_where(params = {})
+        filter = if params.kind_of?(Ably::Models::DeviceDetails)
+          { 'deviceId' => params.id }
+        else
+          raise ArgumentError, "params must be a Hash" unless params.kind_of?(Hash)
+          raise ArgumentError, "device_id filter cannot be specified alongside a client_id filter. Use one or the other" if params[:client_id] && params[:device_id]
+          IdiomaticRubyWrapper(params).as_json
+        end
+        client.delete("/push/deviceRegistrations", filter)
+      end
+    end
+  end
+end

data/lib/ably/version.rb

@@ -1,6 +1,6 @@
 module Ably
-  VERSION = '1.0.6'
-  PROTOCOL_VERSION = '1.0'
+  VERSION = '1.1.3'
+  PROTOCOL_VERSION = '1.1'
 
   # Allow a variant to be configured for all instances of this client library
   # such as ruby-rest-[VERSION]
@@ -13,4 +13,9 @@ module Ably
   def self.lib_variant
     @lib_variant
   end
+
+  # @api private
+  def self.major_minor_version_numeric
+    VERSION.gsub(/\.\d+$/, '').to_f
+  end
 end

data/spec/acceptance/realtime/auth_spec.rb

@@ -607,16 +607,17 @@ describe Ably::Realtime::Auth, :event_machine do
 
           context 'when auth fails' do
             let(:client_options) { default_options.merge(auth_callback: basic_token_cb, log_level: :none) }
+            let!(:token_string) { client.rest_client.auth.request_token.token }
 
             it 'transitions the connection state to the FAILED state (#RSA15c, #RTC8a2, #RTC8a3)' do
               connection_failed = false
 
               client.connection.once(:connected) do
-                client.auth.authorize(nil, auth_callback: lambda { |token_params| 'invalid.token:will.cause.failure' }).tap do |deferrable|
+                client.auth.authorize(nil, auth_callback: lambda { |token_params| "#{app_id}.invalid.token.will.cause.failure" }).tap do |deferrable|
                   deferrable.errback do |error|
                     EventMachine.add_timer(0.2) do
                       expect(connection_failed).to eql(true)
-                      expect(error.message).to match(/Invalid accessToken/i)
+                      expect(error.message).to match(/invalid.*accessToken/i)
                       expect(error.code).to eql(40005)
                       stop_reactor
                     end
@@ -626,7 +627,7 @@ describe Ably::Realtime::Auth, :event_machine do
               end
 
               client.connection.once(:failed) do
-                expect(client.connection.error_reason.message).to match(/Invalid accessToken/i)
+                expect(client.connection.error_reason.message).to match(/invalid.*accessToken/i)
                 expect(client.connection.error_reason.code).to eql(40005)
                 connection_failed = true
               end
@@ -660,17 +661,19 @@ describe Ably::Realtime::Auth, :event_machine do
                 client.connection.once(:disconnected) { raise 'Upgrade does not require a disconnect' }
 
                 channel = client.channels.get('foo')
-                channel.publish('not-allowed').errback do |error|
-                  expect(error.code).to eql(40160)
-                  expect(error.message).to match(/permission denied/)
+                channel.attach do
+                  channel.publish('not-allowed').errback do |error|
+                    expect(error.code).to eql(40160)
+                    expect(error.message).to match(/permission denied/)
 
-                  client.auth.authorize(nil, auth_callback: upgraded_token_cb)
-                  client.connection.once(:update) do
-                    expect(client.connection.error_reason).to be_nil
-                    channel.subscribe('now-allowed') do |message|
-                      stop_reactor
+                    client.auth.authorize(nil, auth_callback: upgraded_token_cb)
+                    client.connection.once(:update) do
+                      expect(client.connection.error_reason).to be_nil
+                      channel.subscribe('now-allowed') do |message|
+                        stop_reactor
+                      end
+                      channel.publish 'now-allowed'
                     end
-                    channel.publish 'now-allowed'
                   end
                 end
               end
@@ -749,11 +752,8 @@ describe Ably::Realtime::Auth, :event_machine do
       end
 
       context 'when received' do
-        # Ably in all environments other than locla will send AUTH 30 seconds before expiry
-        # We set the TTL to 33s and wait (3s window)
-        # In local env, that window is 5 seconds instead of 30 seconds
-        let(:local_offset) { ENV['ABLY_ENV'] == 'local' ? 25 : 0 }
-        let(:client_options) { default_options.merge(use_token_auth: :true, default_token_params: { ttl: 33 - local_offset }) }
+        # Ably will send AUTH 30 seconds before expiry
+        let(:client_options) { default_options.merge(use_token_auth: :true, default_token_params: { ttl: 33 }) }
 
         it 'should immediately start a new authentication process (#RTN22)' do
           client.connection.once(:connected) do
@@ -1031,5 +1031,233 @@ describe Ably::Realtime::Auth, :event_machine do
         end
       end
     end
+
+    context 'when using JWT' do
+      let(:auth_url) { 'https://echo.ably.io/createJWT' }
+      let(:auth_params) { { keyName: key_name, keySecret: key_secret } }
+      let(:channel_name) { "test_JWT_#{random_str}" }
+      let(:message_name) { 'message_JWT' }
+
+      # RSA8g
+      context 'when using auth_url' do
+        let(:client_options) { default_options.merge(auth_url: auth_url, auth_params: auth_params) }
+
+        context 'when credentials are valid' do
+          it 'client successfully fetches a channel and publishes a message' do
+            channel = client.channels.get(channel_name)
+            channel.subscribe do |message|
+              expect(message.name).to eql(message_name)
+              stop_reactor
+            end
+            channel.publish message_name
+          end
+        end
+
+        context 'when credentials are wrong' do
+          let(:auth_params) { { keyName: key_name, keySecret: 'invalid' } }
+
+          it 'disconnected includes and invalid signature message' do
+            client.connection.once(:disconnected) do |state_change|
+              expect(state_change.reason.message.match(/signature verification failed/i)).to_not be_nil
+              expect(state_change.reason.code).to eql(40144)
+              stop_reactor
+            end
+            client.connect
+          end
+        end
+
+        context 'when token is expired' do
+          let(:token_duration) { 5 }
+          let(:auth_params) { { keyName: key_name, keySecret: key_secret, expiresIn: token_duration } }
+          it 'receives a 40142 error from the server' do
+            client.connection.once(:connected) do
+              client.connection.once(:disconnected) do |state_change|
+                expect(state_change.reason).to be_a(Ably::Models::ErrorInfo)
+                expect(state_change.reason.message).to match(/(expire)/i)
+                expect(state_change.reason.code).to eql(40142)
+                stop_reactor
+              end
+            end
+          end
+        end
+      end
+
+      # RSA8g
+      context 'when using auth_callback' do
+        let(:token_callback) do
+          lambda do |token_params|
+            Ably::Rest::Client.new(default_options).auth.request_token({}, { auth_url: auth_url, auth_params: auth_params }).token
+          end
+        end
+        let(:client_options) { default_options.merge(auth_callback: token_callback) }
+        WebMock.allow_net_connect!
+        WebMock.disable!
+        context 'when credentials are valid' do
+
+          it 'authentication succeeds and client can post a message' do
+            channel = client.channels.get(channel_name)
+            channel.subscribe do |message|
+              expect(message.name).to eql(message_name)
+              stop_reactor
+            end
+            channel.publish(message_name) do
+              # assert_requested :get, Addressable::Template.new("#{auth_url}{?keyName,keySecret}")
+            end
+          end
+        end
+
+        context 'when credentials are invalid' do
+          let(:auth_params) { { keyName: key_name, keySecret: 'invalid' } }
+
+          it 'authentication fails and reason for disconnection is invalid signature' do
+            client.connection.once(:disconnected) do |state_change|
+              expect(state_change.reason.message.match(/signature verification failed/i)).to_not be_nil
+              expect(state_change.reason.code).to eql(40144)
+              stop_reactor
+            end
+            client.connect
+          end
+        end
+      end
+
+      context 'when the client is initialized with ClientOptions and the token is a JWT token' do
+        let(:client_options) { { token: token, environment: environment, protocol: protocol } }
+
+        context 'when credentials are valid' do
+          let(:token) { Faraday.get("#{auth_url}?keyName=#{key_name}&keySecret=#{key_secret}").body }
+
+          it 'posts successfully to a channel' do
+            channel = client.channels.get(channel_name)
+            channel.subscribe do |message|
+              expect(message.name).to eql(message_name)
+              stop_reactor
+            end
+            channel.publish(message_name)
+          end
+        end
+
+        context 'when credentials are invalid' do
+          let(:key_secret) { 'invalid' }
+          let(:token) { Faraday.get("#{auth_url}?keyName=#{key_name}&keySecret=#{key_secret}").body }
+          let(:client_options) { { token: token, environment: environment, protocol: protocol, log_level: :none } }
+
+          it 'fails with an invalid signature error' do
+            client.connection.once(:disconnected) do |state_change|
+              expect(state_change.reason.message.match(/signature verification failed/i)).to_not be_nil
+              expect(state_change.reason.code).to eql(40144)
+              stop_reactor
+            end
+            client.connect
+          end
+        end
+      end
+
+      context 'when JWT token expires' do
+        before do
+          stub_const 'Ably::Models::TokenDetails::TOKEN_EXPIRY_BUFFER', 0 # allow token to be used even if about to expire
+          stub_const 'Ably::Auth::TOKEN_DEFAULTS', Ably::Auth::TOKEN_DEFAULTS.merge(renew_token_buffer: 0) # Ensure tokens issued expire immediately after issue
+        end
+        let(:token_callback) do
+          lambda do |token_params|
+            # Ably in all environments other than production will send AUTH 5 seconds before expiry, so
+            # we generate a JWT that expires in 5s so that the window for Realtime to send has passed
+            tokenResponse = Faraday.get "#{auth_url}?keyName=#{key_name}&keySecret=#{key_secret}&expiresIn=5"
+            tokenResponse.body
+          end
+        end
+        let(:client_options) { default_options.merge(use_token_auth: true, auth_callback: token_callback) }
+
+        # RTC8a
+        it 'client disconnects, a new token is requested via auth_callback and the client gets reconnected' do
+          client.connection.once(:connected) do
+            original_token = auth.current_token_details
+            original_conn_id = client.connection.id
+
+            client.connection.once(:disconnected) do |state_change|
+              expect(state_change.reason.code).to eql(40142)
+
+              client.connection.once(:connected) do
+                expect(original_token).to_not eql(auth.current_token_details)
+                expect(original_conn_id).to eql(client.connection.id)
+                stop_reactor
+              end
+            end
+          end
+        end
+
+        context 'and an AUTH procol message is received' do
+          let(:token_callback) do
+            lambda do |token_params|
+              # Ably in all environments other than local will send AUTH 30 seconds before expiry
+              # We set the TTL to 35s so there's room to receive an AUTH protocol message
+              tokenResponse = Faraday.get "#{auth_url}?keyName=#{key_name}&keySecret=#{key_secret}&expiresIn=35"
+              tokenResponse.body
+            end
+          end
+
+          # RTC8a, RTC8a4
+          it 'client reauths correctly without going through a disconnection' do
+            client.connection.once(:connected) do
+              original_token = client.auth.current_token_details
+              received_auth = false
+
+              client.connection.__incoming_protocol_msgbus__.subscribe(:protocol_message) do |protocol_message|
+                received_auth = true if protocol_message.action == :auth
+              end
+
+              client.connection.once(:update) do
+                expect(received_auth).to be_truthy
+                expect(original_token).to_not eql(client.auth.current_token_details)
+                stop_reactor
+              end
+            end
+          end
+        end
+      end
+
+      context 'when the JWT token request includes a client_id' do
+        let(:client_id) { random_str }
+        let(:auth_callback) do
+          lambda do |token_params|
+            Faraday.get("#{auth_url}?keyName=#{key_name}&keySecret=#{key_secret}&client_id=#{client_id}").body
+          end
+        end
+        let(:client_options) { default_options.merge(auth_callback: auth_callback) }
+
+        it 'the client_id is the same that was specified in the auth_callback that generated the JWT token' do
+          client.connection.once(:connected) do
+            expect(client.auth.client_id).to eql(client_id)
+            stop_reactor
+          end
+        end
+      end
+
+      context 'when the JWT token request includes a subscribe-only capability' do
+        let(:channel_with_publish_permissions) { "test_JWT_with_publish_#{random_str}" }
+        let(:basic_capability) { JSON.dump(channel_name => ['subscribe'], channel_with_publish_permissions => ['publish']) }
+        let(:auth_callback) do
+          lambda do |token_params|
+            Faraday.get("#{auth_url}?keyName=#{key_name}&keySecret=#{key_secret}&capability=#{URI.escape(basic_capability)}").body
+          end
+        end
+        let(:client_options) { default_options.merge(auth_callback: auth_callback, log_level: :error) }
+
+        it 'client fails to publish to a channel with subscribe-only capability and publishes successfully on a channel with permissions' do
+          client.connection.once(:connected) do
+            forbidden_channel = client.channels.get(channel_name)
+            allowed_channel = client.channels.get(channel_with_publish_permissions)
+            forbidden_channel.publish('not-allowed').errback do |error|
+              expect(error.code).to eql(40160)
+              expect(error.message).to match(/permission denied/)
+
+              allowed_channel.publish(message_name) do |message|
+                expect(message.name).to eql(message_name)
+                stop_reactor
+              end
+            end
+          end
+        end
+      end
+    end
   end
 end