• DocsDocs
  • PricingPricing
Book a demo
Sign in
Sign in
Book a demo
    • Ready-made features
      • AI Copilots
        AI Copilots

        In-app AI agents that feel human

      • Comments
        Comments

        Contextual commenting

      • Multiplayer Editing
        Multiplayer Editing

        Realtime collaboration

      • Notifications
        Notifications

        Smart alerts for your app

      • Presence
        Presence

        Realtime presence indicators

    • Platform
      • Monitoring Dashboard
        Monitoring Dashboard

        Monitor your product

      • Realtime Infrastructure
        Realtime Infrastructure

        Hosted WebSocket infrastructure

    • Tools
      • Examples

        Gallery of open source examples

      • Next.js Starter Kit

        Kickstart your Next.js collaborative app

      • DevTools

        Browser extension for debugging

      • Tutorial

        Step-by-step interactive tutorial

      • Guides

        How-to guides and tutorial

    • Company
      • Blog

        The latest from Liveblocks

      • Customers

        The teams Liveblocks empowers

      • Changelog

        Weekly product updates

      • Security

        Our approach to security

      • About

        The story and team behind Liveblocks

  • Docs
  • Pricing
  • Ready-made features
    • AI Copilots
    • Comments
    • Multiplayer Editing
    • Notifications
    • Presence
    Platform
    • Monitoring Dashboard
    • Realtime Infrastructure
    Solutions
    • People platforms
    • Sales tools
    • Startups
    Use cases
    • Multiplayer forms
    • Multiplayer text editor
    • Multiplayer creative tools
    • Multiplayer whiteboard
    • Comments
    • Sharing and permissions
    • Document browsing
  • Resources
    • Documentation
    • Examples
    • React components
    • DevTools
    • Next.js Starter Kit
    • Tutorial
    • Guides
    • Release notes
    Technologies
    • Next.js
    • React
    • JavaScript
    • Redux
    • Zustand
    • Yjs
    • Tiptap
    • BlockNote
    • Slate
    • Lexical
    • Quill
    • Monaco
    • CodeMirror
  • Company
    • Pricing
    • Blog
    • Customers
    • Changelog
    • About
    • Contact us
    • Careers
    • Terms of service
    • Privacy policy
    • DPA
    • Security
    • Trust center
    • Subprocessors
  • HomepageSystem status
    • Github
    • Discord
    • X
    • LinkedIn
    • YouTube
    © 2025 Liveblocks Inc.
Blog/Updates

What's new in v1.2

With this release, we're introducing new flexible authentication methods to handle permissions for your collaborative application, leading to improved performance and developer experience.

, on August 2nd, 2023
What's new in v1.2
August 2nd, 2023·5 min read
Share article

With Liveblocks 1.2, we’re introducing new flexible authentication methods to handle permissions for your collaborative application. Not only do these new authentication methods improve loading performance significantly, they also make it much easier to integrate Liveblocks into existing permission systems without having to synchronize Liveblocks rooms every time permissions are updated.

  • Authenticating with public key
  • Authenticating with secret key
  • Performance improvements

Authenticating with public key

const client = createClient({  publicApiKey: "pk_prod_xxxxxxxxxxxxxxxxxxxxxxxx",});

No changes are required if you’re currently using Liveblocks public keys, but you’ll notice a significant performance improvement when connecting to collaborative rooms. We’ll share more on this below.

Authenticating with secret key

import { createClient } from "@liveblocks/client";
const client = createClient({ authEndpoint: "/api/liveblocks-auth",});

We’re introducing two new ways to handle permissions with secret keys:

  • Access token are simple to use, and are recommended for most applications.
  • ID token are best if you’re using fine-grained permissions with our REST API.
Access
Access
ID token
ID token

Access token permissions

Access tokens contain embedded permissions and metadata about the current user. If you already have your own permission system, we recommend this approach as it will allow you to set specific access to multiple rooms from one spot—without having to synchronize permissions with Liveblocks.

Access token diagram

Here is what a standard Liveblocks authentication endpoint leveraging the access token approach would look like in a Next.js application:

import { Liveblocks } from "@liveblocks/node";
// Create a clientconst liveblocks = new Liveblocks({ secret: "sk_prod_xxxxxxxxxxxxxxxxxxxxxxxx",});
export async function POST(request: Request) { const user = __getUserFromDB__(request);
// Start an auth session inside your endpoint const session = liveblocks.prepareSession( user.id, { userInfo: user.metadata } // Optional );
// Give the user access to the room const { room } = await request.json(); if (room && __shouldUserHaveAccess__(user, room)) { // e.g. session.allow("my-room", ["room:write"]) session.allow(room, session.FULL_ACCESS); }
// Authorize the user and return the result const { status, body } = await session.authorize(); return new Response(body, { status });}

And what’s powerful about this approach is that you can allow access up to multiple rooms at once within a given session.

session.allow("my-room-1", session.FULL_ACCESS);session.allow("my-room-2", session.FULL_ACCESS);session.allow("someone-elses-room-1", session.READ_ACCESS);
// Prefix-based wildcard patterns are supported as well,// enabling you to give access to all rooms starting with a specific namesession.allow("my-room-*", session.FULL_ACCESS);

Make sure to check out the authentication step-by-step docs to set it up for your application.

ID token permissions

ID tokens act as a verified ID representation of a user. With this approach, permissions must be set at the room level so that ID tokens can be checked upon entry, making sure the given user has access to the room. The Liveblocks servers perform this authorization, so your permissions need to be set up front using the Liveblocks REST API.

ID token diagram

Here’s an example of a Liveblocks authentication endpoint in Next.js which implements the ID token approach:

import { Liveblocks } from "@liveblocks/node";
// Create a clientconst liveblocks = new Liveblocks({ secret: "sk_prod_xxxxxxxxxxxxxxxxxxxxxxxx",});
export async function POST(request: Request) { const user = __getUserFromDB__(request);
// Identify the user and return the result const { status, body } = await liveblocks.identifyUser({ userId: user.id, groupIds, // Optional });
return new Response(body, { status });}

Make sure to check out the authentication step-by-step docs to set it up for your application.

Performance improvements

The new authentication model makes connecting to a Liveblocks room quicker due to reduced round trips between clients and servers, enabling users to save seconds of loading time.

Public key performance improvements

JWT tokens are no longer generated when using public keys. This enables us to save one round trip between Liveblocks servers and your client code.

Public key roundtrips before
Public key roundtrips before
Public key roundtrips after
Public key roundtrips after

Secret key performance improvements

JWT tokens are only generated once when using secret keys. This makes subsequent connections to rooms significantly faster.

Secret key roundtrips before
Secret key roundtrips before
Secret key roundtrips after for first connection
Secret key roundtrips after for first connection
Secret key roundtrips after for subsequent connections
Secret key roundtrips after for subsequent connections

Migrating to v1.2

Single-room tokens (the previous authentication method) generated through both public and secret keys will continue to work for now, but will be deprecated in the coming months. If you use public keys, tokens won’t be needed anymore in v1.2. If you use secret keys, we recommend that you update your back end endpoint to use the new methods. For most cases, we recommend access tokens, but if you’re already using Liveblocks permissions, ID tokens may be the better choice.

We’ve written a migration guide to help you migrate.

Contributors

Huge thanks to everyone who contributed and specifically to Chris Nicholas and Guillaume Salles for the feedback and help testing this out. Also a big shout out to our incredible community that keeps jumping in to help us improve our infrastructure! Keep checking out the changelog for the full release notes – see you next time!

Related blog posts

  • What's new in Liveblocks: August 2025

    What's new in Liveblocks: August 2025

    Picture of Chris Nicholas
    September 17th
    Updates
  • What’s new in Liveblocks: July 2025

    What’s new in Liveblocks: July 2025

    Picture of Chris Nicholas
    August 5th
    Updates
  • What’s new in Liveblocks: June 2025

    What’s new in Liveblocks: June 2025

    Picture of Chris Nicholas
    July 15th
    Updates