ユーザーアイデンティティとアクセストークン
Kedar Toraskar
概要
An Access Token controls Participant identity and Room permissions in your Programmable Video application. Read below to learn more.
About Access Tokens
Access Tokens are short-lived credentials that are signed with a Twilio API Key Secret and contain grants which govern the actions the client holding the token is permitted to perform. All Twilio Access Tokens must include the following information:
- A Twilio Account SID, which is the public identifier of the Twilio account associated with the Access Token.
- An API Key SID, which is the public identifier of the key used to sign the token.
- An Identity grant, which sets the Twilio user identifier for the client holding the token.
- The API Key Secret associated with the API Key SID is used to sign the Access Token and verify that it is associated with your Twilio account.
Programmable Video Access Tokens also include the following information:
- A mandatory Video grant, which indicates the holder of the Access Token can access Programmable Video services.
- Optionally, a Room grant (contained within the Video grant) for a specific Room name or SID, which indicates the holder of the Access Token may only connect to the indicated Room.
Access Tokens are based on the JSON Web Token standard (RFC 7519). Note that access tokens can no longer be generated via the Twilio Console.
Limit Room Access
The Room grant allows you to scope a Participant's access to a single Room. When a Participant connects with a token that contains a Room grant, the value is compared against:
- The Room's
UniqueName. - The Room's
Sid.
For example, if the Access Token contains a Room grant for DailyStandup, the client holding this Access Token will only be allowed to connect to the Room with the UniqueName property DailyStandup.
See below for working examples.
Note: If the Room Grant is scoped to a Room that has been created using the REST API with the EnableTurn property set to true, then media may be relayed over TURN servers, if required.
Time-To-Live (ttl)
Access Tokens must be valid while joining a Room and when reconnecting to a Room due to network disruption or handoff. Therefore, we recommend that you set the ttl to the maximum allowed session length, which is currently 14,400 seconds (4 hours).
Generating Access Tokens
You can generate Access Tokens using either a Twilio CLI plugin or a Twilio Helper Library.
Use the Twilio CLI plugin
The Twilio CLI has a plugin for generating Access Tokens from the command line. First, you will need to install the Twilio CLI and log in to your Twilio account from the command line; see the CLI Quickstart for instructions. Then, you can install the plugin with the following command:
twilio plugins:install @twilio-labs/plugin-token
To generate an Access Token, run the following command. --identity is a required argument and should be a string that represents the user identity for this Access Token.
twilio token:video --identity=<identity>
You can add other arguments to the command, such as TTL and room name. To see the list of options, use the --help flag:
twilio token:video --help
Use a Twilio helper library
Use a Twilio helper library to generate an Access Token in your back-end server. The examples below generate an Access Token for the user alice that grants access to the Room DailyStandup:
サンプル
Java
import com.twilio.jwt.accesstoken.AccessToken;
import com.twilio.jwt.accesstoken.VideoGrant;
public class TokenGenerator {
public static void main(String[] args) {
// Required for all types of tokens
String twilioAccountSid = "ACxxxxxxxxxxxx";
String twilioApiKey = "SKxxxxxxxxxxxx";
String twilioApiSecret = "xxxxxxxxxxxxxx";
String identity = "alice";
// Create Video grant
VideoGrant grant = new VideoGrant();
grant.setRoom("DailyStandup");
// Create access token
AccessToken token = new AccessToken.Builder(
twilioAccountSid,
twilioApiKey,
twilioApiSecret
).identity(identity).grant(grant).build();
System.out.println(token.toJwt());
}
}
JavaScript
const AccessToken = require('twilio').jwt.AccessToken;
const VideoGrant = AccessToken.VideoGrant;
// Used when generating any kind of Access Token
const twilioAccountSid = 'ACxxxxxxxxxx';
const twilioApiKey = 'SKxxxxxxxxxx';
const twilioApiSecret = 'xxxxxxxxxxxx';
// Create an access token which we will sign and return to the client,
// containing the grant we just created
const token = new AccessToken(twilioAccountSid, twilioApiKey, twilioApiSecret);
token.identity = 'alice';
// Create a Video grant which enables a client to use Video
// and limits access to the specified Room (DailyStandup)
const videoGrant = new VideoGrant({
room: 'DailyStandup'
});
// Add the grant to the token
token.addGrant(videoGrant);
// Serialize the token to a JWT string
console.log(token.toJwt());
PHP
<?php
// Get the PHP helper library from twilio.com/docs/php/install
require_once '/path/to/vendor/autoload.php'; // Loads the library
use Twilio\Jwt\AccessToken;
use Twilio\Jwt\Grants\VideoGrant;
// Required for all Twilio access tokens
$twilioAccountSid = 'ACxxxxxxxxxxxx';
$twilioApiKey = 'SKxxxxxxxxxxxx';
$twilioApiSecret = 'xxxxxxxxxxxxxx';
// A unique identifier for this user
$identity = "alice";
// The specific Room we'll allow the user to access
$roomName = 'DailyStandup';
// Create access token, which we will serialize and send to the client
$token = new AccessToken($twilioAccountSid, $twilioApiKey, $twilioApiSecret, 3600, $identity);
// Create Video grant
$videoGrant = new VideoGrant();
$videoGrant->setRoom($roomName);
// Add grant to token
$token->addGrant($videoGrant);
// render token to string
echo $token->toJWT();
Python
from twilio.jwt.access_token import AccessToken
from twilio.jwt.access_token.grants import VideoGrant
# required for all twilio access tokens
account_sid = 'ACxxxxxxxxxxxx'
api_key = 'SKxxxxxxxxxxxx'
api_secret = 'xxxxxxxxxxxxxx'
identity = 'alice'
# Create access token with credentials
token = AccessToken(account_sid, api_key, api_secret, identity=identity)
# Create a Video grant and add to token
video_grant = VideoGrant(room='DailyStandup')
token.add_grant(video_grant)
# Return token info as JSON
print(token.to_jwt())
Ruby
require 'twilio-ruby'
# Required for any Twilio Access Token
account_sid = 'ACxxxxxxxxxxxx'
api_key = 'SKxxxxxxxxxxxx'
api_secret = 'xxxxxxxxxxxxxx'
identity = 'alice'
# Create an Access Token
token = Twilio::JWT::AccessToken.new(account_sid, api_key, api_secret, [], identity: identity);
# Create Video grant for our token
grant = Twilio::JWT::AccessToken::VideoGrant.new
grant.room = 'DailyStandup'
token.add_grant(grant)
# Generate the token
puts token.to_jwt
C#
using System;
using System.Collections.Generic;
using Twilio.Jwt.AccessToken;
class Example
{
static void Main(string[] args)
{
// Substitute your Twilio AccountSid and ApiKey details
var accountSid = "accountSid";
var apiKeySid = "apiKeySid";
var apiKeySecret = "apiKeySecret";
var identity = "example-user";
// Create a video grant for the token
var grant = new VideoGrant();
grant.Room = "cool room";
var grants = new HashSet<IGrant> { grant };
// Create an Access Token generator
var token = new Token(accountSid, apiKeySid, apiKeySecret, identity: identity, grants: grants);
// Serialize the token as a JWT
Console.WriteLine(token.ToJwt());
}
}
アクセストークンサーバーサンプルアプリケーション
サンプルアプリケーションは様々なプログラミング言語によるアクセストークンの生成について実演しています。
ヘルプが必要ですか?
We all do sometimes; code is hard. Get help now from our support team, or lean on the wisdom of the crowd by visiting Twilio's Community Forums or browsing the Twilio tag on Stack Overflow.