Here's a little explanation of Token auth so you know how it works:
- Your server uses the Ably API key to request a 'Token Request' object from Ably
- Your client uses this 'Token Request' object to request the actual token from the Ably server every time it wishes to authenticate.
- These tokens are short-lived and expire after a certain period of time and the client is expected to keep requesting a new token to keep communicating with Ably.
- Using an authUrl or authCallback ensures your client automatically requests for a new token just before the previous one expires, making sure that the connection never drops due to authentication failure caused by an expired token.