Private Rooms and Authenticating users via access token
In this guide, we will explain how you can create a private meeting room and authenticate users via access tokens.
In this guide, we will explain what are private and public meetings are, what are access tokens and how to generate them and authenticate the users with them.
Public rooms are the rooms that anyone can join.
Private rooms require an access token to join.
Access Tokens can be generated via the Metered REST API and can also be used to add special metadata to each user like externalUserId or some other meta info in key-value pairs.
Request to Join mode when enabled in a room, allows a user without an access token to request admin users in a meeting to allow them to join a private meeting.
Prerequisite
If you haven't already read the, Advanced SDK guide please read it first and then come back to this article.
What are public and private rooms
Public rooms
Public rooms are the rooms that anyone can join and they do not require any authentication.
When you call the create room API without any parameters, the room that is created is public by default.
You can make the user join the public room by simply calling the join() method and passing just the name in the Metered Javascript SDK.
Private Rooms
Private rooms require an accessToken to join.
You can create a private room by calling create room API and setting the privacy parameter to private.
You can also create private rooms through the dashboard.
When you call the join(options) method on a private room without passing an accessToken it will result in an error. We will explain in a bit how to generate accessToken.
How to create private rooms
Private Rooms can be created through the dashboard or through the REST API.
a. Creating private room through the dashboard
You can create a private room by logging into your dashboard, click on the "Create Room" button, and on the create room page, set the Privacy Setting to Private.
Create Room page with Private Privacy Setting
b. Creating private room through the REST API
Private room can also be created using the REST API. In create room API call we will call the privacy key to private.
curl --request POST \
--url 'https://yourappname.metered.live/api/v1/room?secretKey={Your_secret_key}' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--data '{ "privacy": "private" }'
What is an access token
The access token is a JSON web token, and it contains info about the user. Access tokens can be created that can be used to join any meeting in your Metered app or they can be restricted to rooms.
If you create a global token then the user can join any room in the app using the global token.
If you create a room-specific token, then the user can join only the room for which the token is created.
Generating Access token
Access tokens can be generated using the create access token api.
- cURL
- Response
curl --request POST \
--url https://yourappname.metered.live/api/v1/token \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--data '{"globalToken":true}'
{"token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjp7Imdsb2JhbFRva2VuIjp0cnVlLCJhcHBOYW1lIjoiaHlwcmhvc3QifSwiaWF0IjoxNjI3NzcwNDI2fQ.mVkFCexiE9UFHN8ujvsEVmXLllu2dXmF--4PzBFYjDY"}
Authenticating using the access token
Authenticating using the access tokens is very simple, instead of passing the name parameter to the join(options)
, just pass the accessToken property.
const meeting = new Metered.Meeting();
const meetingInfo = await meeting.join({
roomURL: "yourappname.metered.live/meetup",
accessToken: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjp7Imdsb2JhbFRva2VuIjp0cnVlLCJhcHBOYW1lIjoiaHlwcmhvc3QifSwiaWF0IjoxNjI3NzcwNDI2fQ.mVkFCexiE9UFHN8ujvsEVmXLllu2dXmF--4PzBFYjDY"
});
Validating the token without joining the meeting
If you want to check whether the token is valid then you can check it by calling the validate access token API.
This API decodes the token and returns the JSON in response if the auth token is valid, if the auth token is invalid it returns an error message, that auth token is invalid.
Access Token Available properties
| Property | Description | Type | Required |
|---|---|---|---|
isAdmin | By setting this property as true the user who will join the meeting using the token will become and an admin | boolean | NO |
roomName | If you want to restrict the token to a particular room then set this property. If it is not set then global token will be created | string | NO |
globalToken | If you want to create a global token that works across all the rooms in the app set this property to true | boolean | NO |
name | Name of user. When user joins the meeting with the token, the value of this property would be set as the name | string | NO |
email | Email you want to set for the user. This value will be associated with participant session, also visible in the dashboard under the participant session details screen. | string | NO |
meta | Any meta info you want to associate with the user, you can also pass key value pairs JSON . maxlength 1000 chars` | string | NO |
externalUserId | Any external user id you want to associated with the user/token, it could the userId from your own database | string | NO |
expireUnixSec | unix time in seconds, This token is not valid after the specified time. If not specified then a token will be created that never expires | number | NO |
notBeforeUnixSec | unix time in seconds. This token is not valid before the specified time. | number | NO |
ejectAfterElapsedTimeInSec | user who joins the meeting using this token will be ejected after the specified seconds from the meeting. Suppose you want to eject the user automatically after 30 mins then you will set this value to 1800 (30 mins in seconds) | number | NO |
Conclusion
In this guide, we have explained how you can create private meetings and authenticate users using access tokens.
To learn more checkout:
- The create room api for all the options that available when creating a room
- The create access token API to complete access token reference
Feel free to contact us if you have any questions or need any assistance.