Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ENDOC-283 Update token-authentication #1566

Merged
merged 3 commits into from
Jul 9, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 8 additions & 6 deletions shared/video-sdk/authentication-workflow/index.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -839,7 +839,7 @@ Refer to the following steps to build and run a token generator locally to gener
1. Run the following command to install dependencies.

```go
$ go get
$ go get github.com/AgoraIO/Tools/DynamicKey/AgoraDynamicKey/go/src/rtctokenbuilder2
```

1. Run the following command to start the token generator:
Expand Down Expand Up @@ -869,13 +869,13 @@ SDKs using `AccessToken2` can interoperate with SDKs using `AccessToken`. The SD

### API Reference​

This section documents the core methods you use to generate tokens, using the Golang language as an example.
This section documents the core methods you use to generate tokens, using the Golang code as an example.

- `BuildTokenWithUid`: Generate a token, set the expiration time, and define all permissions.

- `BuildTokenWithUidAndPrivilege`: Generate a token with fine control over streaming permissions. Set the validity period of the token and the expiration time of permissions to join channels, publish audio, video, and data streams.

To generate a token and set the expiration time for all permissions, use:
#### `BuildTokenWithUid`

Generate a token, set the expiration time, and define all permissions.

```go
func BuildTokenWithUid(
Expand All @@ -902,7 +902,9 @@ func BuildTokenWithUid(
If the token expires but the permissions have not expired, the user remains in the channel and can continue to send streams. Any callbacks related to the token in the SDK are not triggered. Once disconnected from the channel, the user is not able to use the expired token to join the same channel. Best practice is to use consistent settings for the token expiration time and the permission expiration time.
</Admonition>

To generate a token and set expiration time for different permissions, use:
#### `BuildTokenWithUidAndPrivilege`

Generate a token with fine control over streaming permissions. Set the validity period of the token and the expiration time of permissions to join channels, publish audio, video, and data streams.

```go
func BuildTokenWithUidAndPrivilege(
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,71 @@ This section shows you how to integrate token authentication in your <Vpl k="CLI
</html>
```

1. Open `agoraLogic.js`. Refer to the following code to add the `fetchToken` method and use it to retrieve a token from the token server to join a channel. Add token expiration callbacks to renew the token.
1. Add a `fetchToken` method to retrieve a token from your token server to join a channel.

```js
// Retrieve a token from your token server
function fetchToken(uid, channelName, tokenRole) {

return new Promise(function (resolve) {
axios.post('http://<Your host URL and port>/fetch_rtc_token', {
uid: uid,
channelName: channelName,
role: tokenRole
}, {
headers: {
'Content-Type': 'application/json; charset=UTF-8'
}
})
.then(function (response) {
const token = response.data.token;
resolve(token);
})
.catch(function (error) {
console.log(error);
});
})
}
```

1. Use the token to join a channel

```js
// Assign the obtained token to the token parameter in the join method
let token = await fetchToken(uid, options.channel, 1);
await client.join(options.appId, options.channel, token, uid);
```

### Token expiration

After you join a channel using a token, the SDK triggers the `token-privilege-will-expire` callback, 30 seconds before the token is set to expire. Upon receiving this callback, retrieve a fresh token from the server and call the `renewToken` method to pass the newly generated token to the SDK.

```javascript
client.on("token-privilege-will-expire", async function () {
// When you receive the token-privilege-will-expire callback, request a fresh token from the server
let token = await fetchToken(uid, options.channel, 1);
// Call renewToken to pass the new token to the SDK
await client.renewToken(token);
});
```

When the token expires, the SDK triggers the `token-privilege-did-expire` callback. In this case, retrieve a fresh token from the server and call the `join` method to rejoin the channel with the new token:

```javascript
// The token expired.
client.on("token-privilege-did-expire", async function () {
console.log("Fetching a new token")
// Request a new token from the server
let token = await fetchToken(uid, options.channel, 1);
console.log("Rejoining the channel with new token")
// Call join to rejoin the channel
await client.join(options.appId, options.channel, token, uid);
});
```

### Complete sample code

For a complete implementation of token authentication, refer to the following code:

<details>
<summary>Sample code for basic authentication</summary>
Expand Down Expand Up @@ -117,17 +181,17 @@ This section shows you how to integrate token authentication in your <Vpl k="CLI

});

// When you receive the token-privilege-will-expire callback, request a new token from the server and call renewToken to pass the new Token to the SDK
// When you receive the token-privilege-will-expire callback, request a new token from the server and call renewToken to pass the new token to the SDK
client.on("token-privilege-will-expire", async function () {
let token = await fetchToken(uid, options.channel, 1);
await client.renewToken(token);
});

// When you receive the token-privilege-did-expire callback, request a new token from the server and call join to rejoin the channel.
client.on("token-privilege-did-expire", async function () {
console.log("Fetching the new Token")
console.log("Fetching a new token")
let token = await fetchToken(uid, options.channel, 1);
console.log("Rejoining the channel with new Token")
console.log("Rejoining the channel with a new token")
await client.join(options.appId, options.channel, token, uid);
});

Expand All @@ -139,18 +203,10 @@ This section shows you how to integrate token authentication in your <Vpl k="CLI

Replace `<Your app ID>` with your app ID, which must be consistent with the app ID you specified in the server configuration. Update `<Your Host URL and port>` with the host URL and port of the local Golang server you have deployed. For example `99.9.9.99:8082`.

The sample code implements the following logic:

* Calls `join` to join a channel using the user ID, the channel name, and a token you obtain from the server. The user ID and channel name you specify must be consistent with the values you used to generate the token.

* The SDK triggers an `token-privilege-will-expire` callback 30 seconds before the token expires. After receiving the callback, you obtain a new token from the server and call `renewToken` to pass the newly generated token to the SDK.

* If the token expires, the SDK triggers an `token-privilege-did-expire` callback. After receiving the callback, obtain a new token from the server and call `join` with the new token to rejoin the channel.

Build and run the project on the local device, the <Vpl k="CLIENT" /> performs the following operations:

* Obtains a token from your token server.
* Joins the channel.
* Automatically renews the token when it is about to expire.
* Automatically renews the token when it is about to expire.

</PlatformWrapper>
Loading