Skip to main content

WebRTC Ingest Authentication

Authentication for Vindral is done using the secret provided for you in Vindral Portal and using that secret to sign a JWT with the allowed channel group or channel. An optional expiration can also be set.

The secret provided in the customer panel should never be available to users and only be hosted securely on your own server.

The token can then be supplied when creating the WebrtcIngest instance—passing the token as authenticationToken in the constructor options.

If the token is close to expiration, you can refresh the token by calling .updateAuthenticationToken(token) with a newly signed token on the Vindral instance with an established connection.

Errors will be emitted upon expiration or rejection.

Examples

Example signing a token using jsonwebtoken with Typescript for single channel use

import { sign } from "jsonwebtoken"

const expiresAfterSeconds = 60 * 60 * 2
// Get real secret from customer panel interface
const secret = "75442486-0878-440c-9db1-a7006c25a39f"
const authenticationToken = sign(
  {
    channelId,
    scope: {
      ingest: true,
    },
    exp: Math.round(Date.now() / 1000 + expiresAfterSeconds),
  },
  secret
)

Example signing a token using jsonwebtoken with Typescript for use with a channel group

import { sign } from "jsonwebtoken"

const expiresAfterSeconds = 60 * 60 * 2
// Get real secret from customer panel interface
const secret = "75442486-0878-440c-9db1-a7006c25a39f"
const authenticationToken = sign(
  {
    channelGroupId,
    scope: {
      ingest: true,
    },
    exp: Math.round(Date.now() / 1000 + expiresAfterSeconds),
  },
  secret
)

Further reading

For examples of libraries and more general information regarding JWT, see this site.