
Authentication


Overview

To avoid unauthorized service access or operations, ZEGOCLOUD uses digital Tokens to control and validate users' login privileges.

The validation process

Before you log in to a room, your app clients request Tokens from your app server and provide the Token for privilege validation when logging in to a room.

The following diagram shows the process of room login privilege validation:

Generate a Token

Warning
  • For your convenience during development and debugging, we provide the ZEGO Token Assistant to generate temporary Tokens.
  • For business security, you must generate Tokens on your app server; otherwise, there is a risk of the ServerSecret being stolen.
  • After generating a Token on your own server, if you need to verify its validity, you can also use the ZEGO Token Assistant for verification.

ZEGO Token Assistant

This tool runs locally in the browser and does not send data to a server. Do not expose the ServerSecret in production; use the tool for debugging only.
  1. Go to ZEGOCLOUD Admin Console, and do the following:

    • Create a project and get the AppID and AppSign.
    • Subscribe to the In-app Chat service.
  2. Use the token generator plug-in provided by ZEGOCLOUD to generate Tokens on your app server.

Taking Go as an example, generate a Token with the following steps:

  1. go get github.com/ZEGOCLOUD/zego_server_assistant
  2. import "github.com/ZEGOCLOUD/zego_server_assistant/token/go/src/token04"
  3. Call the GenerateToken04 method to generate a Token.

The following code shows how to generate a user identity Token:

Language   Supported version             Core function
Go         Go 1.14.15 or later           GenerateToken04
C++        C++ 11 or later               GenerateToken04
Java       Java 1.8 or later             generateToken04
Python     Python 3.6.8 or later         generate_token04
PHP        PHP 7.0 or later              generateToken04
.NET       .NET Framework 3.5 or later   GenerateToken04
Node.js    Node.js 8 or later            generateToken04

var appId uint32 = <Your AppId>   // type: uint32
userId := <Your userID>  // type: string
secret := <ServerSecret>  // type: 32-byte string
var effectiveTimeInSeconds int64 = <Your token effectiveTime> // type: int64; unit: s

// token04 is the package imported in step 2.
token, err := token04.GenerateToken04(appId, userId, secret, effectiveTimeInSeconds)
if err != nil {
    fmt.Println(err)
    return
}
fmt.Println(token)
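
The following Go code is an added example, not ZEGOCLOUD's own: an app-server endpoint that issues Tokens to clients while the ServerSecret stays on the server, as the warning above requires. NewTokenHandler, TokenFunc, SessionFunc, the X-Demo-User header, the one-hour lifetime and the sample secret are assumptions made for illustration; TokenFunc takes the same arguments as the GenerateToken04 call above, so the real generator can be supplied through a wrapper.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// TokenFunc mirrors the argument list of the GenerateToken04 call shown above.
type TokenFunc func(appID uint32, userID, secret string, ttlSeconds int64) (string, error)

// SessionFunc (hypothetical) returns the userID your own login system bound to this request.
type SessionFunc func(r *http.Request) (userID string, ok bool)

const tokenTTL int64 = 3600 // assumed lifetime in seconds; the client renews before expiry

// NewTokenHandler keeps the ServerSecret on the server and only ever returns a Token.
func NewTokenHandler(appID uint32, secret string, gen TokenFunc, session SessionFunc) (http.Handler, error) {
	if len(secret) != 32 {
		return nil, errors.New("ServerSecret must be a 32-byte string")
	}
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// The userID comes from the authenticated session, never from client input,
		// so a caller cannot obtain a Token for someone else's identity.
		userID, ok := session(r)
		if !ok {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		token, err := gen(appID, userID, secret, tokenTTL)
		if err != nil {
			http.Error(w, "token generation failed", http.StatusInternalServerError) // no detail leaked
			return
		}
		w.Header().Set("Content-Type", "application/json")
		w.Header().Set("Cache-Control", "no-store") // Tokens are credentials
		json.NewEncoder(w).Encode(map[string]interface{}{"token": token, "expires_in": tokenTTL})
	}), nil
}

func main() { // offline demo with constructed stand-ins for the generator and the session lookup
	gen := func(_ uint32, userID, _ string, _ int64) (string, error) { return "stub-" + userID, nil }
	session := func(r *http.Request) (string, bool) { u := r.Header.Get("X-Demo-User"); return u, u != "" }
	h, _ := NewTokenHandler(1, "0123456789abcdef0123456789abcdef", gen, session) // constructed secret
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest("POST", "/token", nil)) // no session: expect 401
	fmt.Println(rec.Code)
}
```

In production, load the ServerSecret from the server's environment or a secret store rather than from source code, and replace the header-based session stand-in with your real authentication check.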

Use the Token

When logging in to a room, you need to pass the Token for validation. Otherwise, the login will fail.

ZIMLoginConfig config;
config.userName = "YOUR_USER_NAME";
config.token = "xxxx";  // The Token you get from your app server.

zim->login(userID, config, [=](zim::ZIMError errorInfo) {
    // You can tell by the ZIMError errorInfo whether the room login is successful.
    // ......
});

Renew the Token

In the 30 seconds before a Token expires, the SDK sends out a notification through the onTokenWillExpire callback. (If the period of validity of the Token is less than 30 seconds after a successful room login, the callback triggers immediately.)

Upon receiving this callback, you need to get a new Token from your app server first, and then pass the new Token to the renewToken method.

Note

When the token expires and is not updated, the user will be disconnected and receive the onConnectionStateChanged callback, where the event is TOKEN_EXPIRED and the state is DISCONNECTED.

void onTokenWillExpire(ZIM * zim, unsigned int second) override {
    std::string token = getToken(); // Request a new Token from app server.
    zim->renewToken(token, [=](const std::string &token, zim::ZIMError errorInfo) {
        // You can tell by the ZIMError errorInfo whether the Token renewal is successful.
        // ......
    });
}
