This section introduces how to enable user authentication.
Jocloud SDK provides three authentication mechanisms: App ID authentication, Token authentication, and service callback authentication. The differences among three authentication mechanisms are as follows:
| Authentication Method | Configuration Method | Authentication Mechanism | Token Generation Server | Service Authentication Callback Server | Applicable Scenario |
|---|---|---|---|---|---|
| Application ID Authentication | Activate project | Jocloud checks application ID | Not required | Not required | Scenario requiring low security |
| Token Authentication | Activate project Enable certificate | Jocloud checks token | Required | Not required | Scenario requiring high security, such as logging in to audio/video services |
| Service Authentication Callback | Activate project Enable certificate Configure a service authentication callback address | Jocloud triggers callback of an authentication request to the business server | Required | Required | Scenario requiring extremely high security, such as audio/video uplink |
Each project owns one project ID (application ID) that is a unique identifier for this project.
Make sure that you have registered in Personal Center, and created the project. One user can create more projects.
Click Personal Center -> Project Management to view the details of your projects. Newly created projects should be activated. Only the application ID of the activated project can enable the applicationID authentication.
Click Personal Center -> Project Management to view the details of your projects. You can view your application ID in the project details page.
You should fill in application ID to SDK API and RESTful API to distinguish different projects.
Token is a user token and is more complex and safer than application ID verification. The application ID and the application certificate are combined to generate one token.
Click Personal Center -> Project Management to view the details of your projects. You can enable the application certificate in the project details page. The application ID and the application certificate are combined to generate one token.
Token is a verification method more complex and safer than the application ID. You should combine the application ID and application key to generate one token.
Token formats:
| Field Format | Field Name | Description |
|---|---|---|
| int32 | TokenVersion | Token version field |
| int32 | TokenLen | Byte length of one token including TokenLen field and DigitalSignature field |
| int32 | App ID | Project ID |
| int16 | uidLen | User ID length |
| String | uid | Unique user ID in the project |
| int16 | parameterLen | Key-value pairs of privilege parameters. Multiple key/value fields as below are allowed. |
| int16 | key length | Byte length of key |
| String | key | Contents of key |
| int16 | value length | Byte length of value |
| String | value | Contents of value |
| int16 | privileges | Key-value pairs of each privilege |
| int16 | key length | Byte length of key |
| String | key | Contents of key |
| int64 | value | Byte contents of value |
| int64 | buildTimestampMills | UTC time (since 1970-01-01 00:00:00) in milliseconds for generating token |
| int32 | ValidTime | Valid time of token (s) |
| 20 Bytes | DigitalSignature | Digital signature |
Note:
The multi-byte integer uses network byte order, generally Big Endian.
Expiration time of token = Timestamp + ValidTime Timestamp + ValidTime x 1000, UTC time (since 1970-01-01 00:00:00) in milliseconds.
Digital signature: It is generated by computing all data in front of DigitalSignature field via hmac-sha1 algorithm. The key required in computing is application key that can be gotten from the Personal Center -> Project Management page.
All parts of token shall be encoded to URL-safe base64 (not decoded from base64 and encoded to URL), since HTTP transmission is required for token.
A media cycle authentication server receives and processes HTTP request for authentication, with HTTP fields described as follows:
| Field | Description |
|---|---|
| Request Method | POST |
| Head | Content-Type: application/json;charset=UTF-8 |
| Request Content | JSON string (see the format in the table below) |
Description of JSON fields of request contents:
| Field | Description | Type |
|---|---|---|
| appId | Project ID | 32-bit unsigned integer |
| roomId | Room ID | String type |
| uid | User ID | String type |
| ip | User IP (dotted decimal) | String type |
| auth | Authentication type. See details in [Authentication Type](#Authentication Type) | 32-bit unsigned integer |
| sendTime | Request authentication time, UTC time (since 1970-01-01 00:00:00) in milliseconds | 64-bit unsigned integer |
| session | Authentication proxy session ID | String type |
| token | Token | String type |
The authentication business server responds the authentication request.
| Field | Description |
|---|---|
| HTTP Status Code | 200 execution succeeded |
| Response Header | application/json |
| Response Content | JSON string (see the format in the table below) |
Descriptions of json fields of the response contents:
| Field | Description | Type |
|---|---|---|
| code | Response code. See details in [Authentication Response Code](#Authentication Response Code) | 32-bit unsigned integer |
| message | Description | String type |
| session | Authentication proxy session ID, identical with the session field in the request contents | String |
| expire | Expired point-in time of authentication results, UTC time (since 1970-01-01 00:00:00) in milliseconds | 32-bit unsigned integer |
Note:
You can control the authentication request cycle through the expire field.
| Code | Description | Remark |
|---|---|---|
| 0 | Succeeded | Succeeded |
| 10000 | System error in application token API | Internal server error, try again |
| 10001 | No application token | No application token |
| 10002 | Application token verification failed | Application token verification failed |
| 10003 | Invalid appid parameter | Request parameter is not identical with appid in token |
| 10004 | Invalid user ID parameter | Request parameter is not identical with user ID in token |
| 10005 | Application token expired | Application token expired |
| 10006 | No application | No application |
| 10007 | Token is about to expire | Token will expire after 30 s |
| 10008 | The user is banned | The user is banned |
| 10009 | Parameter exception | Parameter exception |
| Name | Code | Description |
|---|---|---|
| AUTH_AUDIO_STREAM_SEND | 65538 | Audio stream uplink |
| AUTH_VIDEO_STREAM_SEND | 131074 | Video stream uplink |
Helpful
Not helpful
Submitted! Your feedback would help us improve the website.
Feedback
Top
