search

twilio / twilio-video-app-react

A collaboration application built with the twilio-video.js SDK and React.js
Apache License 2.0
1.81k stars 727 forks source link

Removing Passcode for production environment #436

Closed instantwpuserwin closed 3 years ago

instantwpuserwin commented 3 years ago

Question how can I remove Passcode for production environment

Additional context The app works right out of box and it does work.

Now, to remove Passcode for production environments

For production environments following tutorial/helper library is suggesetd https://www.twilio.com/docs/video/tutorials/user-identity-access-tokens

But I do see this already in server.js?

If so, how can I remove Passcode for production environment and make sure it does use server.js?

How I can change following(package.json) so that it runs without a passcode?

"deploy:twilio-cli": "cross-env REACT_APP_SET_AUTH=passcode npm run build && twilio rtc:apps:video:deploy --authentication=passcode --app-directory ./build"

Might be I did not get this right?

Please help.

timmydoza commented 3 years ago

Thanks for the question @instantwpuserwin!

Unfortunately, we don't have a feature in our CLI plugin that allows you to remove the passcode. We added the passcode feature for security purposes. Without it, anyone can use your video app and incur charges on your Twilio account. Also, the quick deploy feature is only meant to be used for demo purposes, not production.

The server.js file can be used to run the app locally, or on a production server of your choice (Firebase, Heroku, AWS, etc.). What service you decide to use is entirely up to you. Keep in mind that server.js has no user authentication built in, so if you deploy this server somewhere, anyone can use it and incur charges on your account.

Server.js cannot be used with the npm run deploy:twilio-cli command. That command deploys its own severless endpoints to the Twilio Serverless environment. It does not deploy server.js.

I wish that I could give you a better answer on how to use this app in production, but there are just too many ways to do that. There are many cloud platforms that host applications like this, and there are many different ways to secure this application for production use. I can't decide what will be best for your use case, so this is something that you will have to decide (and build) yourself.

Please let me know if you have any other questions!