Users expect their data to be kept private and safe from any kind of intrusion. In WebRTC, security is crucial because a lot of sensitive data is transmitted over these networks. So how can we ensure that we provide an appropriate method of security?
The answer is tokens. A token is a dynamic key that is used for authentication when a user joins an RTC channel or logs in to an RTM system. The token is a timed string that needs to be regenerated after a set interval of time (<24 hrs).
In this tutorial, we will see how we can generate our own token and fetch it from our server. We can then use this token to join a channel. You can deploy your own server to generate tokens, or you can use this example. In this tutorial, we will be using this example to make our token server. You can easily deploy the same server by following the instructions in the README.md file.
We will be using this video call demo as our base. On top of this demo, we will add the token service to join a channel. You can read more about the solution here.
Generating a token is as simple as sending a GET request to your server with the following fields:
This value needs to be generated before you join the channel because you need to pass it to the joinChannel() method.
Generating a Token
Note: If you're running an Android emulator and trying to access a token server running locally, use the URL http://10.0.2.2. Why?
Now you can call the getToken() function before calling the joinChannel() method, like this:
await getToken();
await _engine.joinChannel(token, widget.channelName, null, 0);
A token is a dynamic value that is valid for up to 24 hours. After that, this value needs to be regenerated. You can use any time frame that is less than 24 hours within which a new token needs to be generated.
When a user's token is due to expire within the next 30 seconds, Agora fires the tokenPrivilegeWillExpire() callback. We use this callback to generate a new token by calling our getToken() function again. After we have a new token value, we need to use it to stay connected, which can be done by calling the renewToken() method.
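The fetch, join and renewal steps described above, put together as an added example (not code from the original tutorial or from the Agora token server project). It uses the same SDK generation as the joinChannel() call shown earlier; the host name, the /rtc/<channel> path and the rtcToken JSON field are assumptions that you must replace with what your own token server exposes.

```dart
import 'dart:convert';

import 'package:agora_rtc_engine/rtc_engine.dart';
import 'package:http/http.dart' as http;

// Assumptions: placeholder host, path layout and JSON field name.
const String tokenServerBase = 'https://token-server.example.com';
const String tokenJsonField = 'rtcToken';

/// Fetches a fresh token for [channelName]. Throws instead of returning an
/// empty or malformed value that would later be handed to the SDK.
Future<String> fetchToken(String channelName) async {
  final uri =
      Uri.parse('$tokenServerBase/rtc/${Uri.encodeComponent(channelName)}');
  // Plain HTTP is tolerated only for the emulator loopback alias (10.0.2.2);
  // anywhere else the token would cross the network readable by anyone.
  if (uri.scheme != 'https' && uri.host != '10.0.2.2') {
    throw StateError('Token server must be reached over HTTPS');
  }
  final response = await http.get(uri).timeout(const Duration(seconds: 5));
  if (response.statusCode != 200) {
    throw StateError('Token server returned ${response.statusCode}');
  }
  final body = jsonDecode(response.body);
  final token = body is Map ? body[tokenJsonField] : null;
  if (token is! String || token.isEmpty) {
    throw const FormatException('Token missing from server response');
  }
  return token;
}

/// Registers the expiry callback first, then joins with a new token.
Future<void> joinWithToken(RtcEngine engine, String channelName) async {
  engine.setEventHandler(RtcEngineEventHandler(
    // Fired when the current token is about to expire.
    tokenPrivilegeWillExpire: (String oldToken) async {
      try {
        await engine.renewToken(await fetchToken(channelName));
      } catch (e) {
        // Report the failure, but never write the token itself to logs.
        print('Token renewal failed: $e');
      }
    },
  ));
  await engine.joinChannel(await fetchToken(channelName), channelName, null, 0);
}
```

If your app already registers an RtcEngineEventHandler, add the tokenPrivilegeWillExpire callback to that handler instead of registering a second one.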
Security is essential for any WebRTC application. Any application that is currently live or in production should use a token. Using the method given in this tutorial, you can quickly add a token to your application and ensure that your application is always secure.
You can get the complete code for this application here.
To learn more about the Agora Flutter SDK and other use cases, see the developer guide here.
You can also have a look at the complete documentation for the functions discussed above and many more here.
And I invite you to join the Agora Developer Slack Community.