Grant access to individual rooms with access tokens

With access tokens we always recommend using a naming pattern to grant access to multiple rooms at once, for example every room in a user’s organization.

// ✅ Grants access to every `acme` organization roomsession.allow(`session.allow(`acme:*`, session.FULL_ACCESS);

However, it may not always be possible to grant access to every room with a wildcard and naming pattern. One example would be if a user is invited to only one room in a different organization. There’s a way to work around this limitation.

Grant access to individual rooms

When using authEndpoint, Liveblocks provides the current room ID in the request. Below is a Next.js example, where the current room ID is taken from the body, and the user is allowed access to the room. Note that room is undefined when Notifications is authenticating, which is why we’re checking if it exists. Notifications works across rooms, and it doesn’t require any permissions.

import { Liveblocks } from "@liveblocks/node";
const liveblocks = new Liveblocks({ secret: "sk_prod_xxxxxxxxxxxxxxxxxxxxxxxx",});
export async function POST(request: Request) { // Get the current user from your database const user = (request);
// Start an auth session inside your endpoint const session = liveblocks.prepareSession(, { userInfo: user.metadata } // Optional );
const { room } = request.body;
if (room && (user, room)) { session.allow(room, session.FULL_ACCESS); }
// Authorize the user and return the result const { status, body } = await session.authorize(); return new Response(body, { status });}

This approach relies on you creating the __shouldUserHaveAccess__ function, and determining whether the user is allowed inside the room.