AgoraIO / API-Examples-Web

A question regarding tokens #84

Closed neilyoung closed 6 months ago

neilyoung commented 6 months ago

According to some source I have used this app on the web to validate my tokens generated with NodeJS:

https://webdemo.agora.io/basicVideoCall/index.html#

So far my tokens were accepted, but some questions remain:

So first question: Why am I able to Publish with a Subscribe token using this app above? And why did my token not expire?

Another question: Do I really need several tokens per connection? One for the publisher and N for the subscriber(s)?

Please elaborate

plutoless commented 6 months ago

> Why am I able to Publish with a Subscribe token using this app above? And why did my token not expire?

The strict token permission feature needs to be turned on first to make it work; for a normal project the token is mainly used to authenticate you when joining a channel, not to check publish/subscribe privileges. For token expiry, you can try signing your token's joinchannel privilege with a timestamp, and there should be a callback to notify you that you will need to renew your token. You will be kicked offline if you don't do so.

> Another question: Do I really need several tokens per connection? One for the publisher and N for the subscriber(s)?

You will need to dynamically generate a token for every different user when they join a channel; this is usually good to protect your channel from being abused by anonymous users. For privilege control, it really depends on your business use case, but usually you don't need that strict permission control.

neilyoung commented 6 months ago

Thanks again for your help.

> The strict token permission feature needs to be turned on first to make it work

Where is this supposed to be enabled?

> For token expire, you can try signing your token joinchannel privilege with a timestamp, and there should be a callback to notify you that you will need to renew your token. You will be kicked offline if not doing so.

I thought I would do that:

    const expirationTimeInSeconds = 3600
    const currentTimestamp = Math.floor(Date.now() / 1000)
    const privilegeExpiredTs = currentTimestamp + expirationTimeInSeconds

    // Build token with uid
    const tokenA = RtcTokenBuilder.buildTokenWithUid(appID, appCertificate, channelName, userId, role, privilegeExpiredTs);
    console.log("Token With Integer Number Uid: " + tokenA);

The tokens created here did work, but never indicated any expiration.

plutoless commented 6 months ago

> Where is this supposed to be enabled?

In the Agora console, or you can open a ticket with the Agora support team.

Could you please share a token you generated so that I can try analyzing it?

neilyoung commented 6 months ago

Token With Integer Number Uid: 007eJxTYNi8p41x3bX/7VNsOqK+z7/AfbDy8ixe/Y/LdoZFekUaCaYoMCSmJCYnWVqYJJtapJmYmCcnJhuZmCclGxsbWqYkWZia+2ffTo2vvJ1695QeCyMDIwMLEIMAE5hkBpMsYJKdISg1MbkkzJmDwcTc0BCEAZidI+Q=

Created right now. Expiration +3600 s

plutoless commented 6 months ago

Looks like there's something wrong with your sample code, where did you take the reference? Here you can find the latest sample: https://github.com/AgoraIO/Tools/blob/master/DynamicKey/AgoraDynamicKey/nodejs/sample/RtcTokenBuilder2Sample.js

neilyoung commented 6 months ago

OK, thanks. Changed it. What about this?

Token With Integer Number Uid: 007eJxTYPj/7u+JTF1BoYsqOzsko1JlFZ5sjDFdrmf9KPljQFPU7wUKDIkpiclJlhYmyaYWaSYm5smJyUYm5knJxsaGlilJFqbmG3JvpwrwMTCw82kzMjIwMrAAMYjPBCaZwSQLmGRnCEpNTC4Jc+ZgMDE3NARhALk1IMc=

plutoless commented 6 months ago

now it looks better, this token will expire at 2024/02/25 17:41:20 +00:00 UTC time.
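
Reading the expiry out of a token, as in the reply above, can be reproduced offline. This is an added example, not code from the thread or from Agora: the field layout is assumed from the open-source AgoraDynamicKey AccessToken2 implementation, and `inspectToken`, `buildSample`, the `looksAbsolute` heuristic and all sample values are constructed here. The signature is not verified, since that needs the app certificate.

```javascript
// Added example: read the expiry fields of an Agora "007" (AccessToken2) token.
// Assumed layout (from the open-source AgoraDynamicKey AccessToken2 code):
//   "007" + base64(zlib(str signature, str appId, u32 issueTs, u32 expire,
//                       u32 salt, u16 serviceCount, services...))
// str = u16 length + bytes; all integers little-endian.
const zlib = require('zlib');

function inspectToken(token) {
  if (!token.startsWith('007')) throw new Error('not an AccessToken2 (007) token');
  const buf = zlib.inflateSync(Buffer.from(token.slice(3), 'base64'));
  let off = 0;
  const readString = () => {
    const len = buf.readUInt16LE(off);
    const bytes = buf.subarray(off + 2, off + 2 + len);
    off += 2 + len;
    return bytes;
  };
  const readU32 = () => { const v = buf.readUInt32LE(off); off += 4; return v; };

  readString();                                 // skip the HMAC signature (not checked)
  const appId = readString().toString('utf8');
  const issueTs = readU32();                    // Unix seconds when the token was built
  const expire = readU32();                     // lifetime in seconds, relative to issueTs
  const expiresAt = issueTs + expire;
  return {
    appId, issueTs, expire, expiresAt,
    expiresAtUtc: new Date(expiresAt * 1000).toISOString(),
    // Heuristic (assumption): a "lifetime" above 1e9 s is probably an absolute
    // Unix timestamp passed where a relative duration was expected.
    looksAbsolute: expire > 1e9,
  };
}

// Builds a constructed token header (dummy signature, no services) for offline use.
function buildSample(appId, issueTs, expire) {
  const u16 = (v) => { const b = Buffer.alloc(2); b.writeUInt16LE(v); return b; };
  const u32 = (v) => { const b = Buffer.alloc(4); b.writeUInt32LE(v); return b; };
  const str = (b) => Buffer.concat([u16(b.length), b]);
  const body = Buffer.concat([str(Buffer.alloc(32, 0xaa)), str(Buffer.from(appId)),
    u32(issueTs), u32(expire), u32(12345), u16(0)]);
  return '007' + zlib.deflateSync(body).toString('base64');
}

const SAMPLE_APP_ID = '0123456789abcdef0123456789abcdef'; // constructed placeholder
const ISSUED = 1708879280;                                // constructed: 2024-02-25T16:41:20Z
console.log(inspectToken(buildSample(SAMPLE_APP_ID, ISSUED, 3600)));
console.log(inspectToken(buildSample(SAMPLE_APP_ID, ISSUED, ISSUED + 3600)));
```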

neilyoung commented 6 months ago

Perfect. Thanks again for your help.

neilyoung commented 6 months ago

Would you mind helping me with another token issue?