Documentation
Documentation
Demo APP
SDK 中心
API 中心
FAQ
代码市场
Console
Sign Up
Log In
中文站 English
On-Premises Recording
  • On-Premises Recording
Expand All
  • Overview
  • SDK Downloads
  • Sample Codes
  • Quick Starts
  • Performance Data
  • API Documents
  • Documentation
  • On-Premises Recording
  • Quick Starts
  • Use Token Authentication

Use Token authentication

Last updated:2022-03-23 14:56

Function Introduction

Authentication refers to verifying whether a user has the right to access the system to avoid security risks caused by lack of permission Controller or improper operation. ZEGO authenticates users through tokens (including basic authentication tokens and authorization authentication tokens).

Basic authentication Token means that the developer must pass the Token to the SDK through the SetCustomToken interface to verify the legitimacy of the user before logging in to the room.

Permission authentication Token refers to opening the room ID permission bit to further improve security, which can verify the ID of the login room.

Get the AppID and ServerSecret

Go to ZEGOCLOUD Admin Console to get the App ID and ServerSecret of your project.

After getting your AppID and ServerSecret, you can define the validation rules on your app server or client based on your business requirements.

Upon request from your app clients, your app server generates Tokens and sends the Tokens to the corresponding app clients.

ZEGOCLOUD provides an open-source Token generator plug-in on GitHub, which you can use to generate Tokens on your app server using different programming languages such as Go, C++, Java, Python, PHP,.NET, and Node.js.

Currently, the Token generator we provided supports generating the following two Tokens:

  • User identity Token: to check user identity, you can pass null to the payload field.
  • User privilege Token: to check user privileges by validating the room ID and the ID of the published stream, the payload field needs to be generated based on the following validation rules:
    • Validate room login privilege only: to check users' privilege to log in to a room, but not to check their privilege to publish streams in a room.
    • Validate stream publishing privilege only: to check users' privilege to publish streams in a room, but not to check their privilege to log in to a room.
    • Validate both room login and stream publishing privileges: to check users' privilege to log in to a room and also their privilege to publish streams in a room.
  • For business security, you must generate Tokens on your app server; Otherwise, there is a risk of ServerSecret being stolen.
  • For the ZEGO Express SDK 2.17.0 or later, use the token04 of the Token generator to generate a Token.
Language Supported version Core function Code base Sample code
User identity Token User privilege Token
Go
Go 1.14.15 or later
GenerateToken04
C++
C++ 11  or later
GenerateToken04
Java
Java 1.8  or later
generateToken04
Python
Python 3.6.8  or later
generate_token04
PHP
PHP 7.0  or later
generateToken04
.NET
.NET Framework 3.5  or later
GenerateToken04
Node.js
Node.js 8  or later
generateToken04

Take Go language as an example, you can do the following steps to generate a Token:

  1. go get github.com/ZEGOCLOUD/zego_server_assistant
  2. import "github.com/ZEGOCLOUD/zego_server_assistant/token/go/src/token04"
  3. Call the GenerateToken04 method to generate a Token.

The following code shows how to generate a user identity Token:

package main

import (
    "fmt"
    "github.com/ZEGOCLOUD/zego_server_assistant/token/go/src/token04"
)

/*
Sample code for generating a user identity Token: 
*/

func main() {
    var appId uint32 = 1
    userId := "demo"
    serverSecret := "fa94dd0f974cf2e293728a526b028271"
    var effectiveTimeInSeconds int64 = 3600
    var payload string = ""

    token, err := token04.GenerateToken04(appId, userId, serverSecret, effectiveTimeInSeconds, payload)
    if err != nil {
        fmt.Println(err)
        return
    }
    fmt.Println(token)
}

The following code shows how to generate a user privilege Token:

package main

import (
    "encoding/json"
    "fmt"
    "github.com/ZEGOCLOUD/zego_server_assistant/token/go/src/token04"
)

/*
Sample code for generating a user privilege Token:
 */


//Token-based business logic: RTC room-related authentication property 
type RtcRoomPayLoad struct {
    RoomId       string      `json:"room_id"`           //Room ID: used to to validate the room.
    Privilege    map[int]int `json:"privilege"`         //User privilege authentication control list: used to validate user privileges 
    StreamIdList []string    `json:"stream_id_list"`    //Stream list: used to validate the stream. This value can be null, and no stream will be validated if it is null.
}

func main() {
    var appId uint32 = 1
    roomId := "demo"
    userId := "demo"
    serverSecret := "fa94dd0f974cf2e293728a526b028271"
    var effectiveTimeInSeconds int64 = 3600
    privilege := make(map[int]int)
    privilege[token04.PrivilegeKeyLogin] = token04.PrivilegeEnable
    privilege[token04.PrivilegeKeyPublish] = token04.PrivilegeEnable

    payloadData := &RtcRoomPayLoad{
        RoomId:       roomId,
        Privilege:    privilege,
        StreamIdList: nil,
    }

    payload, err := json.Marshal(payloadData)
    if err != nil {
        fmt.Println(err)
        return
    }

    token, err := token04.GenerateToken04(appId, userId, serverSecret, effectiveTimeInSeconds, string(payload))
    if err != nil {
        fmt.Println(err)
        return
    }
    fmt.Println(token)
}

How to get a temporary Token

To make it easier for you to try and test the user authentication feature, ZEGOCLOUD Admin Console provides a tool for generating temporary Tokens, which you can use directly in a testing environment. In production, you must generate Tokens on your app server.

Set Token

Passes the Token to the SDK through the SetCustomToken interface before logging in to the room.

LIVEROOM::SetCustomToken("Token"); // Replace Token with the obtained Token information
Page Directory
  • Free trial