Tutorial for Agora Token Authentication

Haratakayasu
Jul 8, 2021

Security problems at Zoom, the world’s most popular video chat solution, have recently drawn public attention because of leaked video information, even though Zoom officially stated that end-to-end data encryption had been implemented and that users’ data was securely protected.

The Agora Platform, on the other hand, secures its service with token authentication. A token is generated from several inputs, including the channel name, the user id and some other available options. In this tutorial series, we will explore the token authentication mechanism in depth and build a simple backend server (Express.js and Node.js) that can be incorporated into any web server.

Prerequisites :

  • basics of Node.js and JavaScript
  • basic knowledge of how a RESTful API works
  • an Agora developer account, with an App ID and App Certificate
  • familiarity with managing npm packages

Full Code :

You can also access the full code of this tutorial at:

https://github.com/TakaRaisonDetre/agora_blog_001/blob/master/index.js

The initial setup of the project :

First, create a Node project using your terminal or VS Code. Run ‘npm init’ in the project folder of your choice to create a boilerplate Node project, and accept the default settings for the configuration. Once that completes without any issues, we need two additional dependencies: “express” and “agora-access-token”. We will install both of them using the npm package manager.

npm install express

npm install agora-access-token

Express Server Preparation :

The procedure here is no different from the way you build an Express server for any other RESTful API. We do, however, need to define some constants and add some Express middleware functions to fetch an Agora token, so please bear with us.

First, we need an express object at the top of index.js. In addition, we will use two objects from agora-access-token, RtcTokenBuilder and RtcRole.

Next, we add the local port, which will be 8080 for now.

Then, we are going to provide an appId and an app certificate.

Finally, we will instantiate an express object to set up our backend server.

Express middleware function to use a fresh token each time :

Express middleware functions have access to the request object, the response object and the next middleware function, often denoted by next(). When the current middleware function does not end the req/res cycle, it must call next() to pass control to the next middleware function. We will use this feature of Express middleware to prevent users from reusing the same token to join a specific channel. To accomplish this, we will create a function called “nocache” that sets response headers. With this “nocache” middleware function, the browser does not cache the response. In other words, users always get a newly created token for their authentication.

Now we are ready to handle the request and return a JSON response. The next middleware function, called “generateToken”, is the one that eventually produces the Agora token.

RtcTokenBuilder : finally generate agora Token

The first line of the code sets the Access-Control-Allow-Origin response header to ‘*’, which accepts requests from any domain and avoids any cross-origin resource sharing (CORS) problem. This ensures that we are not stuck with CORS restrictions.

Next, there are several request parameters which we need to read before building the JSON response.

  • channelName — required
  • uid — optional
  • role — optional
  • expirationTime — optional

The channel name is required, so add the following lines of code.

The user id, role and expirationTime are all optional, so we assign default values: 0 for uid, and SUBSCRIBER as the default role for users (PUBLISHER otherwise).

As far as expirationTime is concerned, we use a default of 3600 seconds, which is approximately an hour in which to join the channel with the given channel name before the privilege expires.

To obtain “priviledgeExpirationTime”, we simply add expireTime to currentTime, as illustrated in the “if” statements below.

Now we are ready to pass “AppId”, “certificateId”, “channelname”, “uid”, “role” and “priviledgeExpireTime” to the RtcTokenBuilder method called buildTokenWithUid to produce a “token”. Finally, we generate the token and return a JSON response object that contains the token string.
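The middleware described in the steps above, as an added example (not the author's index.js from the linked repository). The RtcTokenBuilder and RtcRole objects are passed in rather than required, so the parameter handling can be read and tested without the SDK. The query names `expireTime` and `role=publisher`, the no-cache header values, the 24-hour cap, the uid range check and the `makeGenerateToken` wrapper are assumptions introduced here.

```javascript
const DEFAULT_EXPIRE_SECONDS = 3600;
const MAX_EXPIRE_SECONDS = 24 * 3600; // assumed upper bound, not in the tutorial

// "nocache" middleware: the browser must not store or reuse a token response.
function nocache(req, res, next) {
  res.header('Cache-Control', 'private, no-cache, no-store, must-revalidate');
  res.header('Expires', '-1');
  res.header('Pragma', 'no-cache');
  next();
}

// Turn req.query into the arguments buildTokenWithUid expects, or an error.
function parseTokenQuery(query, roles, nowSeconds) {
  const { channelName } = query;
  if (typeof channelName !== 'string' || channelName === '') {
    return { error: 'channel name is required' };
  }
  let uid = 0; // default when the caller sends no uid
  if (query.uid !== undefined && query.uid !== '') {
    uid = Number(query.uid); // arrays and non-numeric strings become NaN
    if (!Number.isInteger(uid) || uid < 0 || uid > 0xffffffff) return { error: 'invalid uid' };
  }
  // SUBSCRIBER unless the caller explicitly asks for publisher.
  const role = query.role === 'publisher' ? roles.PUBLISHER : roles.SUBSCRIBER;
  let expireTime = DEFAULT_EXPIRE_SECONDS;
  if (query.expireTime !== undefined && query.expireTime !== '') {
    expireTime = Number.parseInt(query.expireTime, 10);
    if (!Number.isInteger(expireTime) || expireTime <= 0) return { error: 'invalid expireTime' };
    expireTime = Math.min(expireTime, MAX_EXPIRE_SECONDS); // never mint very long-lived tokens
  }
  return { channelName, uid, role, privilegeExpireTime: nowSeconds + expireTime };
}

// deps: { RtcTokenBuilder, RtcRole, appId, appCertificate }
function makeGenerateToken(deps) {
  return function generateToken(req, res) {
    // '*' as in the tutorial; narrow it to your own origin in production.
    res.header('Access-Control-Allow-Origin', '*');
    const p = parseTokenQuery(req.query, deps.RtcRole, Math.floor(Date.now() / 1000));
    if (p.error) return res.status(400).json({ error: p.error });
    const token = deps.RtcTokenBuilder.buildTokenWithUid(
      deps.appId, deps.appCertificate, p.channelName, p.uid, p.role, p.privilegeExpireTime);
    return res.json({ token });
  };
}
// index.js wiring, with RtcTokenBuilder and RtcRole required from agora-access-token:
//   app.get('/access_token', nocache, makeGenerateToken({ RtcTokenBuilder, RtcRole, appId, appCertificate }));
```

Keeping the App Certificate out of the source file (for example in an environment variable) avoids committing it alongside index.js.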

Results :

Finally, to test on your local machine, run “node index.js” to start a server instance. Your terminal then shows “listening on port : 8080”, which means your server instance is up and running and listening on port 8080. Once the server instance is running, open your web browser and type

localhost:8080/access_token?channelName=”your channel name”

with the channel name as a parameter. If the browser outputs a JSON object containing a token, the test was successful. Congrats!


Takayasu Hara is an IT / music related business consultant based in Tokyo, Japan