Users expect their data to be kept private and safe from any kind of intrusion. In webRTC, the task of security becomes very crucial because we see a lot of sensitive data being transmitted over these networks. So how can we ensure that we provide an appropriate method of security?
The answer is tokens. A token is a dynamic key that is used for authentication when a user joins an RTC channel or logs in to an RTM system. The token is a timed string that needs to be regenerated after a set interval of time (<24 hrs).
In this tutorial, we will see how we can generate our own token and fetch it from our server. We can then use this token to join a channel. You can deploy your own server to generate tokens, or you can use this example. In this tutorial, we will be using this example to make our token server. You can easily deploy the same server by following the instructions in the
- An Agora developer account (see How to Get Started with Agora)
- Flutter SDK
- An Agora token server
Connecting With Tokens
Generating a token server is a simple as sending a GET request to your server with the following fields:
- Channel Name: Every token is linked with a channel name. To enter a channel, all users should have the same token value.
- UID: The UID is a unique integer value that is used to distinguish every user in the channel. Passing 0 to UID allows Agora to generate a UID for you from the server side.
- Expiry Time: Since the token holds a dynamic value, it needs to be refreshed after a certain period of time.
This value needs to be generated before you join the channel because you need to pass it to the
Now you can call the
getToken() function before joining the joinChannel() method like this:
await _engine.joinChannel(token, widget.channelName, null, 0);
A token is a dynamic value that is valid for up to 24 hours. After that, this value needs to be regenerated. You can use any time frame that is less than 24 hours within which a new token needs to be generated.
When a user’s token is expiring within the next 30 seconds, Agora provides a callback
tokenPrivilegeWillExpire() to register that. We use this callback to then generate a new token by calling our
getToken() function again. After we have a new token value, we need to use it to stay connected, which can be done by calling the
Security is essential for any webRTC application. Any application that is currently live or in production should use a token. Using the method given in this tutorial, you can quickly add a token to your application and ensure that your application is always secure.
You can get the complete code for this application here.
To learn more about the Agora Flutter SDK and other use cases, see the developer guide here.
You can also have a look at the complete documentation for the functions discussed above and many more here.
And I invite you to join the Agora.io Developer Slack Community.