Closed neilyoung closed 6 months ago
Why am I able to Publish with a Subscribe token using this app above? And why did my token not expire? The strict token permission feature needs to be turned on first to make it work, for normal project the token is mainly used to authenticate you from joinning channel, not checking publish/subscribe privileges. For token expire, you can try signing your token joinchannel privilege with a timestamp, and there should be a callback to notify you that you will need to renew your token. You will be kicked offline if not doing so.
Another question: Do I really need several tokens per connection? One for the publisher and N for the subscriber(s)? You will need to dynamically generate a token for every different user when they join channel, this is usually good to protect your channel from being abused by anonymous users. For privilege control, it really depends on your business use case, but usually you don't need that strict permission control.
Thanks again for your help.
The strict token permission feature needs to be turned on first to make it work
Where is this supposed to be enabled?
For token expire, you can try signing your token joinchannel privilege with a timestamp, and there should be a callback to notify you that you will need to renew your token. You will be kicked offline if not doing so.
I thought I would do that:
const expirationTimeInSeconds = 3600
const currentTimestamp = Math.floor(Date.now() / 1000)
const privilegeExpiredTs = currentTimestamp + expirationTimeInSeconds
// /Build token with uid
const tokenA = RtcTokenBuilder.buildTokenWithUid(appID, appCertificate, channelName, userId, role, privilegeExpiredTs);
console.log("Token With Integer Number Uid: " + tokenA);
The tokens created here did work, but never indicated any expiration.
Where is this supposed to be enabled? in agora console or you can open ticket to agora support team.
could you pls share a token you generated so that i can try analyzing?
Token With Integer Number Uid: 007eJxTYNi8p41x3bX/7VNsOqK+z7/AfbDy8ixe/Y/LdoZFekUaCaYoMCSmJCYnWVqYJJtapJmYmCcnJhuZmCclGxsbWqYkWZia+2ffTo2vvJ1695QeCyMDIwMLEIMAE5hkBpMsYJKdISg1MbkkzJmDwcTc0BCEAZidI+Q=
Created right now. Expiration +3600 s
looks like there's sth wrong with your sample code, where did you take the reference? here you can find latest sample, https://github.com/AgoraIO/Tools/blob/master/DynamicKey/AgoraDynamicKey/nodejs/sample/RtcTokenBuilder2Sample.js
OK, thanks. Changed it. What about this?
Token With Integer Number Uid: 007eJxTYPj/7u+JTF1BoYsqOzsko1JlFZ5sjDFdrmf9KPljQFPU7wUKDIkpiclJlhYmyaYWaSYm5smJyUYm5knJxsaGlilJFqbmG3JvpwrwMTCw82kzMjIwMrAAMYjPBCaZwSQLmGRnCEpNTC4Jc+ZgMDE3NARhALk1IMc=
now it looks better, this token will expire at 2024/02/25 17:41:20 +00:00 UTC time.
Perfect. Thanks again for your help.
Would you mind to help me with another token issue?
According to some source I have used this app on the web to validate my tokens generated with NodeJS:
https://webdemo.agora.io/basicVideoCall/index.html#
So far my tokens were accepted, but some questions remain:
So first question: Why am I able to Publish with a Subscribe token using this app above? And why did my token not expire?
Another question: Do I really need several tokens per connection? One for the publisher and N for the subscriber(s)?
Please elaborate