Use Token authentication
Function Introduction
Authentication verifies whether a user has the right to access the system, to avoid security risks caused by a lack of permission control or by improper operation. ZEGO authenticates users through Tokens (including basic authentication Tokens and authorization authentication Tokens).
A basic authentication Token is a Token that the developer must pass to the SDK through the SetCustomToken interface before logging in to the room, so that the legitimacy of the user can be verified.
A permission authentication Token additionally opens the room ID permission bit, so that the ID of the room being logged in to can also be verified, which further improves security.
Get the AppID and ServerSecret
Go to ZEGOCLOUD Admin Console to get the AppID and ServerSecret of your project.
Generate a Token on your app server (recommended)
After getting your AppID and ServerSecret, you can define the validation rules on your app server or client based on your business requirements.
Upon request from your app clients, your app server generates Tokens and sends the Tokens to the corresponding app clients.
ZEGOCLOUD provides an open-source Token generator plug-in on GitHub, which you can use to generate Tokens on your app server in different programming languages such as Go, C++, Java, Python, PHP, .NET, and Node.js.
Currently, the Token generator we provide supports generating the following two types of Tokens:
- User identity Token: to check user identity, you can pass null to the `payload` field.
- User privilege Token: to check user privileges by validating the room ID and the ID of the published stream, the `payload` field needs to be generated based on the following validation rules:
  - Validate room login privilege only: to check users' privilege to log in to a room, but not to check their privilege to publish streams in a room.
  - Validate stream publishing privilege only: to check users' privilege to publish streams in a room, but not to check their privilege to log in to a room.
  - Validate both room login and stream publishing privileges: to check users' privilege to log in to a room and also their privilege to publish streams in a room.

- For business security, you must generate Tokens on your app server; otherwise, there is a risk of ServerSecret being stolen.
- For the ZEGO Express SDK 2.17.0 or later, use the `token04` of the Token generator to generate a Token.
Language | Supported version | Core function
---|---|---
Go | Go 1.14.15 or later | GenerateToken04
C++ | C++ 11 or later | GenerateToken04
Java | Java 1.8 or later | generateToken04
Python | Python 3.6.8 or later | generate_token04
PHP | PHP 7.0 or later | generateToken04
.NET | .NET Framework 3.5 or later | GenerateToken04
Node.js | Node.js 8 or later | generateToken04
Taking Go as an example, you can generate a Token with the following steps:
- Run `go get github.com/ZEGOCLOUD/zego_server_assistant`
- Add `import "github.com/ZEGOCLOUD/zego_server_assistant/token/go/src/token04"`
- Call the `GenerateToken04` method to generate a Token.
The following code shows how to generate a user identity Token:
```go
package main

import (
	"fmt"

	"github.com/ZEGOCLOUD/zego_server_assistant/token/go/src/token04"
)

/*
Sample code for generating a user identity Token:
*/
func main() {
	var appId uint32 = 1 // AppID of your project
	userId := "demo"     // ID of the user the Token is issued to
	// Sample value. Keep the real ServerSecret on your app server only.
	serverSecret := "fa94dd0f974cf2e293728a526b028271"
	var effectiveTimeInSeconds int64 = 3600 // Token validity period, in seconds
	var payload string = ""                 // Empty for a user identity Token

	token, err := token04.GenerateToken04(appId, userId, serverSecret, effectiveTimeInSeconds, payload)
	if err != nil {
		fmt.Println(err)
		return
	}
	fmt.Println(token)
}
```
The following code shows how to generate a user privilege Token:
```go
package main

import (
	"encoding/json"
	"fmt"

	"github.com/ZEGOCLOUD/zego_server_assistant/token/go/src/token04"
)

/*
Sample code for generating a user privilege Token:
*/

// Token-based business logic: RTC room-related authentication property
type RtcRoomPayLoad struct {
	RoomId       string      `json:"room_id"`        // Room ID: used to validate the room.
	Privilege    map[int]int `json:"privilege"`      // User privilege authentication control list: used to validate user privileges
	StreamIdList []string    `json:"stream_id_list"` // Stream list: used to validate the stream. This value can be null, and no stream will be validated if it is null.
}

func main() {
	var appId uint32 = 1 // AppID of your project
	roomId := "demo"     // Room the Token is valid for
	userId := "demo"     // ID of the user the Token is issued to
	// Sample value. Keep the real ServerSecret on your app server only.
	serverSecret := "fa94dd0f974cf2e293728a526b028271"
	var effectiveTimeInSeconds int64 = 3600 // Token validity period, in seconds

	// Enable both the room login and the stream publishing privilege.
	privilege := make(map[int]int)
	privilege[token04.PrivilegeKeyLogin] = token04.PrivilegeEnable
	privilege[token04.PrivilegeKeyPublish] = token04.PrivilegeEnable

	payloadData := &RtcRoomPayLoad{
		RoomId:       roomId,
		Privilege:    privilege,
		StreamIdList: nil,
	}

	// The payload is passed to GenerateToken04 as a JSON string.
	payload, err := json.Marshal(payloadData)
	if err != nil {
		fmt.Println(err)
		return
	}

	token, err := token04.GenerateToken04(appId, userId, serverSecret, effectiveTimeInSeconds, string(payload))
	if err != nil {
		fmt.Println(err)
		return
	}
	fmt.Println(token)
}
```
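How an app server can decide what goes into a Token when a client asks for one, as an added example that is not part of the original page or of ZEGOCLOUD's code: the ServerSecret is read from the server's environment, privileges come from a server-side role rather than from the request, and the requested lifetime is clamped. `Issuer`, `Role`, `MaxTTL`, the `ZEGO_SERVER_SECRET` variable and the stub generator are hypothetical; the numeric privilege constants are assumed to mirror the `token04` ones, and in production `Generate` would be `token04.GenerateToken04`.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os"
)

// TokenFunc has the same parameters as token04.GenerateToken04 on this page.
type TokenFunc func(appID uint32, userID, secret string, ttl int64, payload string) (string, error)

// Assumed to mirror token04.PrivilegeKeyLogin/PrivilegeKeyPublish and PrivilegeEnable/PrivilegeDisable.
const keyLogin, keyPublish, enable, disable = 1, 2, 1, 0

// Issuer lives on the app server; Secret is never sent to clients.
type Issuer struct {
	AppID    uint32
	Secret   string
	MaxTTL   int64                              // upper bound on Token lifetime, in seconds
	Generate TokenFunc                          // token04.GenerateToken04 in production
	Role     func(userID, roomID string) string // hypothetical lookup: "", "viewer" or "host"
}

// Issue builds a user privilege Token for a userID the server has already authenticated.
func (i Issuer) Issue(userID, roomID string, ttl int64) (string, error) {
	role := i.Role(userID, roomID)
	if role == "" {
		return "", fmt.Errorf("user %q is not allowed in room %q", userID, roomID)
	}
	if ttl <= 0 || ttl > i.MaxTTL {
		ttl = i.MaxTTL // clamp the lifetime the client asked for
	}
	privilege := map[int]int{keyLogin: enable, keyPublish: disable}
	if role == "host" {
		privilege[keyPublish] = enable // only hosts may publish streams
	}
	payload, err := json.Marshal(map[string]interface{}{
		"room_id": roomID, "privilege": privilege, "stream_id_list": nil})
	if err != nil {
		return "", err
	}
	return i.Generate(i.AppID, userID, i.Secret, ttl, string(payload))
}

func main() {
	stub := func(_ uint32, u, _ string, ttl int64, p string) (string, error) { return fmt.Sprintf("stub user=%s ttl=%d payload=%s", u, ttl, p), nil }
	roles := map[string]string{"alice/demo": "host", "bob/demo": "viewer"} // constructed sample data
	iss := Issuer{AppID: 1, Secret: os.Getenv("ZEGO_SERVER_SECRET"), MaxTTL: 3600, Generate: stub,
		Role: func(u, r string) string { return roles[u+"/"+r] }}
	fmt.Println(iss.Issue("bob", "demo", 86400))
}
```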
How to get a temporary Token
To make it easier for you to try and test the user authentication feature, ZEGOCLOUD Admin Console provides a tool for generating temporary Tokens, which you can use directly in a testing environment. In production, you must generate Tokens on your app server.
Set Token
Pass the Token to the SDK through the SetCustomToken interface before logging in to the room.

```cpp
LIVEROOM::SetCustomToken("Token"); // Replace Token with the obtained Token information
```