Authentication
Overview
To avoid unauthorized service access or operations, ZEGOCLOUD uses digital Tokens to control and validate users' login privileges.
The validation process
Before you log in to a room, your app clients request Tokens from your app server and provide the Token for privilege validation when logging in to a room.
The following diagram shows the process of room login privilege validation:
Generate a Token
For business security, you must generate Tokens on your app server.
-
Go to ZEGOCLOUD Admin Console, and do the following:
- Create a project, get the AppID and AppSign.
- Subscribe to the In-app Chat service.
-
Use the
token generator
plug-in provided by ZEGOCLOUD to generate Tokens on your app server.
Take Go language as an example, you can do the following steps to generate a Token:
- go get github.com/ZEGOCLOUD/zego_server_assistant
- import "github.com/ZEGOCLOUD/zego_server_assistant/token/go/src/token04"
- Call the
GenerateToken04
method to generate a Token.
The following code shows how to generate a user identity Token:
Language | Supported version | Core function | Code base | Sample code | |
---|---|---|---|---|---|
User identity Token | User privilege Token | ||||
Go | Go 1.14.15 or later | GenerateToken04 | |||
C++ | C++ 11 or later | GenerateToken04 | |||
Java | Java 1.8 or later | generateToken04 | |||
Python | Python 3.6.8 or later | generate_token04 | |||
PHP | PHP 7.0 or later | generateToken04 | |||
.NET | .NET Framework 3.5 or later | GenerateToken04 | |||
Node.js | Node.js 8 or later | generateToken04 |
var appId uint32 = <Your AppId> // type: uint32
userId := <Your userID> // type: string
secret := <ServerSecret> // type: 32 byte length string
var effectiveTimeInSeconds int64 = <Your token effectiveTime> //type: int64; unit: s
token, err := zsa.GenerateToken04(appId, userId, secret, effectiveTimeInSeconds)
if err != nil {
fmt.Println(err)
return
}
fmt.Println(token)
Use the Token
When logging in to a room, you need to pass the Token for validation. Otherwise, the login will fail.
try{
ZIMLoginConfig loginConfig = ZIMLoginConfig();
// The user's nickname, leave it blank if you don't want to modify the nickname
loginConfig.userName = 'userName';
// If using token as the authentication method, please fill in this parameter, otherwise no need to fill in
loginConfig.token = '';
// Whether this login is an offline login, please refer to the offline login documentation for details
loginConfig.isOfflineLogin = false;
await ZIM.getInstance()?.login('zego', loginConfig);
// Login successful, write the business logic for successful login
} on PlatformException catch(onError){
// Login failed
// Error code for login failure, please refer to the error code table in the integration documentation for handling
onError.code;
// Error message for login failure
onError.message;
}
Renew the Token
In the 30 seconds before a Token expires, the SDK sends out a notification through the onTokenWillExpire callback. (If the period of validity of the Token is less than 30 seconds after a successful room login, the callback triggers immediately. )
Upon receiving this callback, you need to get a new Token from your app server first, and then pass the new Token to the onTokenWillExpire method.
When the token expires and is not updated, the user will be disconnected and receive the onConnectionStateChanged callback, where the event is tokenExpired and the state is disconnected.
ZIMEventHandler.onTokenWillExpire = (zim, second) {
ZIM.getInstance().renewToken('new token');
};