Use tokens for authentication

更新时间:
复制 MD 格式

Real-Time Communication (RTC) provides two methods to generate tokens. This topic describes how to generate tokens in the RTC console and on the application server.

Prerequisites

Background information

A token is a security credential in the form of a signature, and is used to authenticate your identity and protect your cloud services from malicious parties. You need to specify AppID, UserID, ChannelId, Nonce, TimeStamp, GSLB, and Token when you invoke the function to join a channel. AppID is used to identify the application and UserID is used to identify the user. Token is calculated based on AppID and UserID by using the SHA256 encryption algorithm. This prevents malicious parties from forging a Token to gain access to your cloud services.

Usage notes

Tokens that are generated by using the console are temporary, and are usually used for testing. If you want to obtain an official token, use the server to generate one.

Generate a token in the console

  1. Log on to the Real-Time Communication RTC console.
  2. In the left-side navigation pane, click Development Tools. The Development Tools page is displayed.
  3. Optional:Generate a token.
    1. Click the Token Generator tab and configure the required parameters.
      ParameterDescription
      AppIDThe application ID. You can create and view application IDs on the Applications page in the RTC console. For more information, see Applications.
      AppKeyThe application key. You can query application keys on the Applications page in the console. For more information, see Query AppKey.
      ChannelIdThe ID of the channel. The ID must be 1 to 64 characters in length and can contain letters, digits, underscores (_), and hyphens (-).
      UserIdThe ID of the user. The ID must be 1 to 64 characters in length and can contain letters, digits, underscores (_), and hyphens (-).
      NonceA random string. Nonces start with AK- and consist of letters and digits. Nonces can contain up to 64 characters. Example: AK-2b9be4b25c2d38c409c376ffd2372be1.
      TimeStampThe timestamp that indicates when the token expires. You can select 12 hours, 24 hours, 3 days, or 7 days.
    2. Click Generate, and view the generated token.
      Generate a token
  4. Optional:Verify a token.
    1. Click the Token Verifier tab and configure the required parameters.
      ParameterDescription
      AppIDThe application ID. You can create and view application IDs on the Applications page in the RTC console. For more information, see Applications.
      AppKeyThe application key. You can query application keys on the Applications page in the console. For more information, see Query AppKey.
      ChannelIdThe ID of the channel. The ID must be 1 to 64 characters in length and can contain letters, digits, underscores (_), and hyphens (-).
      UserIdThe ID of the user. The ID must be 1 to 64 characters in length and can contain letters, digits, underscores (_), and hyphens (-).
      NonceA random string. Nonces are issued by the application server. Nonces start with AK- and consist of letters and digits. Nonces can contain up to 64 characters. Example: AK-2b9be4b25c2d38c409c376ffd2372be1.
      TimeStampThe timestamp that indicates when the token expires. For example, 1560588594 indicates that the token expires at 16:49:54, June 15, 2019.
      TokenThe token that is used to join the channel. The token is generated by the application server.
    2. Click Verify.
      • If the verification is successful, you can join the channel to make a call.
      • If the verification fails, check the parameters and the token issued by the application server.

Generate a token on the application server

We recommend that you generate the Token on the application server to ensure the security of the key used to generate your token. The following procedure describes how a token is generated on the application server.

  1. Before your application initializes RTC SDK, the application obtains a Token from the application server.
  2. The server calculates the Token based on the following formula.
    token = sha256(appId + appKey + channelId + userId + nonce + timestamp)
  3. The server returns the token to your application.
  4. Your application calls an API operation to send the token to RTC SDK.
  5. RTC SDK submits the token to Alibaba Cloud for verification.
  6. Alibaba Cloud receives and verifies the token.
  7. After the token is verified, you are granted access to the RTC service.
ParameterDescription
AppIDThe application ID. Application IDs are created in the RTC console.
UserIDThe unique user ID that is generated by the application server. Each user can join only one active channel at any time. If a user attempts to join a channel by using two devices at the same time, the first device is dropped from the channel when the second device joins the channel. User IDs consist of letters and digits and can contain up to 64 characters. Example: 2b9be4b25c2d38c409c376ffd2372be1.
ChannelIDThe channel ID that is generated by the application server. The ID cannot be 0. Duplicate channel IDs are not allowed. Channel IDs consist of letters, digits, and hyphens (-) and can contain up to 64 characters. Example: 181-218-3406.
NonceA random string that is generated by the application server. Nonces start with AK- and consist of letters and digits. Nonces can contain up to 64 characters. Example: AK-2b9be4b25c2d38c409c376ffd2372be1.
TimestampThe timestamp that indicates when the token expires. For example, 1560588594 indicates that the token expires at 16:49:54, June 15, 2019.
TokenThe token that is used to join the channel. The token is generated by the application server. The following formula is used to calculate the token: sha256(appId + appKey + channelId + userId + nonce + timestamp).
GSLBThe service endpoint. This parameter is an array. We recommend that you issue the service endpoint ["https://rgslb.rtc.aliyuncs.com"] to the client SDK through the application server instead of including the service endpoint in the client code.

The SHA256 algorithm is used to generate the Token on the application server. The following items describe the functions that are invoked to generate a Token in different programs.

  • Invoke the CreateToken function to generate tokens for programs that are developed in Go. For more information, see Golang Demo.
  • Invoke the createToken function to generate tokens for programs that are developed in Java. For more information, see Java Demo.
  • Invoke the create_token function to generate tokens for programs that are developed in Python. For more information, see Python Demo.
  • Invoke the CreateToken function to generate tokens for programs that are developed in C#. For more information, see C# Demo.
  • Invoke the CreateToken function to generate tokens for programs that run on Node.js. For more information, see Nodejs Demo.
  • Invoke the CreateToken function to generate tokens for programs that are developed in PHP. For more information, see PHP Demo.