User Authentication (v2.0)

This section introduces how to enable user authentication.

Introduction

Jocloud SDK provides three authentication mechanisms: App ID authentication, Token authentication, and service callback authentication. The differences among three authentication mechanisms are as follows:

image

Authentication MethodConfiguration MethodAuthentication MechanismToken Generation ServerService Authentication Callback ServerApplicable Scenario
Application ID AuthenticationActivate projectJocloud checks application IDNot requiredNot requiredScenario requiring low security
Token AuthenticationActivate project
Enable certificate
Jocloud checks tokenRequiredNot requiredScenario requiring high security, such as logging in to audio/video services
Service Authentication CallbackActivate project
Enable certificate
Configure a service authentication callback address
Jocloud triggers callback of an authentication request to the business serverRequiredRequiredScenario requiring extremely high security, such as audio/video uplink

Project and Application ID

Each project owns one project ID (application ID) that is a unique identifier for this project.

Create a Project

Make sure that you have registered in Personal Center, and created the project. One user can create more projects.

Activate the Project

Click Personal Center -> Project Management to view the details of your projects. Newly created projects should be activated. Only the application ID of the activated project can enable the applicationID authentication.

Get an AppID

Click Personal Center -> Project Management to view the details of your projects. You can view your application ID in the project details page.

Use the AppID

You should fill in application ID to SDK API and RESTful API to distinguish different projects.

Token

Token is a user token and is more complex and safer than application ID verification. The application ID and the application certificate are combined to generate one token.

Enable an Application Certificate

Click Personal Center -> Project Management to view the details of your projects. You can enable the application certificate in the project details page. The application ID and the application certificate are combined to generate one token.

Token Format

Token is a verification method more complex and safer than the application ID. You should combine the application ID and application key to generate one token.

Token formats:

Field FormatField NameDescription
int32TokenVersionToken version field
int32TokenLenByte length of one token including TokenLen field and DigitalSignature field
int32App IDProject ID
int16uidLenUser ID length
StringuidUnique user ID in the project
int16parameterLenKey-value pairs of privilege parameters. Multiple key/value fields as below are allowed.
int16key lengthByte length of key
StringkeyContents of key
int16value lengthByte length of value
StringvalueContents of value
int16privilegesKey-value pairs of each privilege
int16key lengthByte length of key
StringkeyContents of key
int64valueByte contents of value
int64buildTimestampMillsUTC time (since 1970-01-01 00:00:00) in milliseconds for generating token
int32ValidTimeValid time of token (s)
20 BytesDigitalSignatureDigital signature

Note:

  • The multi-byte integer uses network byte order, generally Big Endian.

  • Expiration time of token = Timestamp + ValidTime Timestamp + ValidTime x 1000, UTC time (since 1970-01-01 00:00:00) in milliseconds.

  • Digital signature: It is generated by computing all data in front of DigitalSignature field via hmac-sha1 algorithm. The key required in computing is application key that can be gotten from the Personal Center -> Project Management page.

  • All parts of token shall be encoded to URL-safe base64 (not decoded from base64 and encoded to URL), since HTTP transmission is required for token.

Authentication Request Format

A media cycle authentication server receives and processes HTTP request for authentication, with HTTP fields described as follows:

FieldDescription
Request MethodPOST
HeadContent-Type: application/json;charset=UTF-8
Request ContentJSON string (see the format in the table below)

Description of JSON fields of request contents:

FieldDescriptionType
appIdProject ID32-bit unsigned integer
roomIdRoom IDString type
uidUser IDString type
ipUser IP (dotted decimal)String type
authAuthentication type. See details in [Authentication Type](#Authentication Type)32-bit unsigned integer
sendTimeRequest authentication time, UTC time (since 1970-01-01 00:00:00) in milliseconds64-bit unsigned integer
sessionAuthentication proxy session IDString type
tokenTokenString type

HTTP Response on Business Server Authentication

The authentication business server responds the authentication request.

FieldDescription
HTTP Status Code200 execution succeeded
Response Headerapplication/json
Response ContentJSON string (see the format in the table below)

Descriptions of json fields of the response contents:

FieldDescriptionType
codeResponse code. See details in [Authentication Response Code](#Authentication Response Code)32-bit unsigned integer
messageDescriptionString type
sessionAuthentication proxy session ID, identical with the session field in the request contentsString
expireExpired point-in time of authentication results, UTC time (since 1970-01-01 00:00:00) in milliseconds32-bit unsigned integer

Note:

You can control the authentication request cycle through the expire field.

Authentication Response Code

CodeDescriptionRemark
0SucceededSucceeded
10000System error in application token APIInternal server error, try again
10001No application tokenNo application token
10002Application token verification failedApplication token verification failed
10003Invalid appid parameterRequest parameter is not identical with appid in token
10004Invalid user ID parameterRequest parameter is not identical with user ID in token
10005Application token expiredApplication token expired
10006No applicationNo application
10007Token is about to expireToken will expire after 30 s
10008The user is bannedThe user is banned
10009Parameter exceptionParameter exception

Authentication Type

NameCodeDescription
AUTH_AUDIO_STREAM_SEND65538Audio stream uplink
AUTH_VIDEO_STREAM_SEND131074Video stream uplink

Was this page helpful?

Helpful Not helpful
Submitted! Your feedback would help us improve the website.
Feedback
Top
<