How can I implement role authentication?

更新时间:
复制 MD 格式

Role authentication prevents users from tampering with the call logic of the Real-Time Communication (RTC) API, illegally performing stream ingest for video and audio tracks, or performing stream ingest for video and audio tracks without authorization. This topic describes how to implement role authentication.

Usage notes

  • Role authentication takes effect only in interaction mode.
  • The AppServer requires the value of the role parameter to calculate the token. To be specific, the AppServer appends the value of the role parameter to the original token string and encrypts the string.
  • If you want to join a channel as a streamer, you must assign the pub string to the role parameter.
  • If you want to join a channel as a viewer, you can assign the pub or sub string to the role parameter. If you assign the pub role to your account, you can switch to the streamer after you join the channel.
  • Suppose you have assigned the sub role to your account and you want to switch to the streamer. In this case, you must request a token for the pub role from the AppServer, call the RefreshAuthInfo method to pass the return values of the token, role, nonce, timestamp, and userid parameters to the SDK instance, and then call the setclientrole method to switch to the streamer.

Implementation method

001

Procedure

  1. Before you join a channel, request a token for authentication from the AppServer based on your business requirements. The following sample response provides an example where a token for the sub role is returned:
    {
        "code": "0",
        "data": {
          "appid": "pdtk****",
          "userid": "4b73ca5c****",
          "nonce": "AK-1cdf3ef44a794eec9b208ad95b8d****",
          "timestamp": "1614738724",
          "roleToken": "sub",
          "token": "eeb8407849aeb52c1f9748f3652bccbed31b0a11e0d75dbaebb60fef42a2****",
          "turn": {
            "username": "4b73ca5c1226?appid=pdtk****&channel=12345&nonce=AK-1cdf3ef44a794eec9b208ad95b8d****&timestamp=1614738724",
            "password": "eeb8407849aeb52c1f9748f3652bccbed31b0a11e0d75dbaebb60fef42a2****"
          },
          "gslb": "https://pgslb.rtc.aliyuncs.com",
          "agent": "pagent.rtc.aliyuncs.com",
          "description": "Janus - Janus - Staging"
        },
        "server": "1614565924571"
    }

    Assign the return value of the roleToken parameter to the role parameter.

  2. If you want to act as the streamer, request a token for the pub role. If you want to act as a viewer, continue with the token for the sub role, as shown in the preceding sample response. The sub role prevents users from illegally performing stream ingest.
  3. If you want to switch to another role after you join the channel, request a token as required from the AppServer and pass the returned authentication information to the SDK instance by calling the RefreshAuthInfo method.