When an access token is revoked, why is the call participant not kicked out of the call?

Paulius Valikonis 0 Reputation points
2023-07-19T17:34:20.6666667+00:00

I am using the React Composite app (https://azure.github.io/communication-ui-library/?path=/docs/composites-call-basicexample--basic-example) and a .NET back end for video calls.

After revoking the user's access token, I observed that although they were unable to send chat messages, they were still able to remain in a call.

There were no call errors. Is this a bug?

Azure Communication Services

1 answer

  1. B santhiswaroop naik 385 Reputation points
    2023-07-19T17:37:17.7933333+00:00

    The behavior you observed with the React Composite app and .NET back end for video calls, where a user was able to remain in a call even after their access token was revoked and they were unable to send chat messages, could be due to the way the application handles access tokens and call state.

    When dealing with real-time communication applications like video calls, there are typically two types of tokens involved:

    Authentication Token (Access Token): This token is used to authenticate the user and grant access to certain features or services. In your case, it's used to authenticate the user for sending chat messages and other operations within the app.

    Session Token (Call Token): This token is specific to the real-time communication session, such as a video call. It's used to establish and maintain the connection between participants during the call.

    It's possible that the video call component in the app is not tightly coupled with the chat component when it comes to token management. Revoking the access token might disable the user's ability to send chat messages, but if the call token is still valid and the call session is active, the user might still be able to remain in the call.

    To handle access control more comprehensively, the app should ensure that both access tokens and session tokens are checked and managed appropriately. When the access token is revoked, the app should also consider ending the ongoing call session and handling scenarios where the user might try to rejoin the call without valid access.

    Additionally, consider checking the token expiration and refreshing mechanisms to ensure that users are appropriately logged out and restricted from the call session when their access expires.

    Regarding whether this is a bug or not, it depends on the intended behavior of the application. If the app's design allows users to remain in a call even after their access to chat is revoked, then it might not be considered a bug. However, if it's expected that revoking access should also terminate any active call sessions, then it could be a bug or a missing feature.

    To address this issue, you may need to review the token management and call handling logic in your app, ensuring that both access and session tokens are appropriately validated and revoked as needed. If you're unsure about the behavior, you can reach out to the developers or support team of the React Composite app or the communication library for further clarification.

    --please don't forget to upvote and Accept as answer if the reply is helpful--

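One way an app could act on the answer's suggestion to end the ongoing call once access is revoked, shown as an added example that is not part of the original thread or of the Azure Communication Services libraries. It assumes a hypothetical `checkAccess()` function that asks the app's own back end whether the user's access is still valid, a caller-supplied `leaveCall()` (for the composite, typically a wrapper around the call adapter's `leaveCall`), and an assumed policy of leaving the call after three consecutive failed status checks.

```javascript
// Added example: revocation watcher for an in-progress call (not ACS library code).
// Assumption: checkAccess() asks the app's own back end (hypothetical endpoint)
// whether this user's access is still valid and resolves to true or false.
// Assumption: leaveCall() ends the local call leg, e.g. () => adapter.leaveCall().

// Pure decision step: given the failure count so far and one check result
// ('valid' | 'revoked' | 'error'), decide whether to stay in or leave the call.
function nextStep(failures, result, maxFailures = 3) {
  if (result === 'revoked') return { failures, action: 'leave', reason: 'revoked' };
  if (result === 'valid') return { failures: 0, action: 'stay', reason: null };
  // Back end unreachable: tolerate brief outages, then fail closed.
  const n = failures + 1;
  return n >= maxFailures
    ? { failures: n, action: 'leave', reason: 'status-unavailable' }
    : { failures: n, action: 'stay', reason: null };
}

// Polls until the call must end, then calls leaveCall() exactly once.
function watchAccess({ checkAccess, leaveCall, intervalMs = 5000, maxFailures = 3 }) {
  let failures = 0;
  let stopped = false;
  let timer = null;
  async function tick() {
    let result;
    try {
      result = (await checkAccess()) ? 'valid' : 'revoked';
    } catch {
      result = 'error';
    }
    if (stopped) return;
    const step = nextStep(failures, result, maxFailures);
    failures = step.failures;
    if (step.action === 'leave') {
      stopped = true;
      await leaveCall(step.reason);
      return;
    }
    timer = setTimeout(tick, intervalMs);
  }
  tick();
  // Call the returned function when the user leaves the call normally.
  return () => { stopped = true; clearTimeout(timer); };
}
```

Because this watcher runs in the user's browser, it only ends the call for a client that cooperates; it does not replace a server-side decision about who may stay in or rejoin the call.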