Auth Tokens

Auth tokens provide a secure way to establish a connection between your application and Relaybox services.

Creating an Authentication Endpoint

In order to request a secure authentication token, we need to create a server-side endpoint that will respond with one. Let's go ahead and generate a token to gain access to Relaybox services.

The following example uses Express to create a simple REST endpoint that will provide an authentication token response.

// Server side
import { RelayBox } from '@relaybox/rest';
import express, { Request, Response } from 'express';

const relayBox = new RelayBox({
  apiKey: xxxx.xxxx.xxxxxxxxxxxx // Use API key responsibly on your server
});

app.get('/user/auth', (req: Request, res: Response) => {
  const tokenResponse = relayBox.generateTokenResponse();
  res.send(tokenResponse);
})

Using an Authentication Token

Now that the authentication endpoint has been created, you can reference the URL in the client-side configuration options. This can be either a relative or absolute path depending on the location of your backend services.

// Client side
import { RelayBox } from '@relaybox/client';

const relayBox = new RelayBox({
  authEndpoint: `/user/auth`, // Your secure authentication endpoint
})

await relayBox.connect();

By supplying the authEndpoint parameter, you're telling Relaybox that it can request a secure authentication token from this location. Once enabled, the client-side library ensures this token remains secure and valid for the entirety of the user session.

There is no more code to maintain. The client-side SDK library will securely manage refreshing the token at regular intervals and handle establishing a connection once the token response has been received.

Setting a Client ID

To allow the connecting user to participate in presence activities and operations, you can provide a client ID when generating an auth token. This could be the user ID or an arbitrary value you choose to supply.

// Server side...

// This could be a call to your db or auth service (for example)
const clientId = getClientId(); // eg. 1234

const tokenResponse = relayBox.generateTokenResponse({
  clientId
});

Once a client ID has been added to the token, this user now has an identity and will be able to participate in presence operations.

Setting the Token Expiry

Authentication tokens should be short-lived credentials. For this reason, we provide a way to set an expiry. Once the token has expired, it can no longer be used to connect to Relaybox.

// Server side...

// Set a token expiry time of 5 mins
const DEFAULT_TOKEN_EXPIRY_SECS = 300; // 5 mins

const tokenResponse = relayBox.generateTokenResponse({
  expiresIn: DEFAULT_TOKEN_EXPIRY_SECS
});

If the expiry is not specified, a default value of 15 minutes is applied. When the token is due to expire, the client-side library will initiate a request to the provided auth endpoint to get a new one.

Setting Permissions Dynamically

It's recommended that you manage token permissions at the API key level, but there will be situations where you require more control over the permissions applied to a connection. In such cases, dynamically adding permissions will be necessary.

// Server side...

// add permissions during token generation
const permissions = {
  'myRoom': ['publish', 'presence', 'metrics'],
};

const tokenResponse = relayBox.generateTokenResponse({
  permissions
});

Click here to learn more about managing permissions both programmatically and through the use of API keys.

Setting Token Request Options

Include configuration options in the token request to transmit additional data. This may include extra headers, request configurations, or other necessary information to generate the token.

// Client side
import { RelayBox } from '@relaybox/client';

const relayBox = new RelayBox({
  authEndpoint: `/user/auth`,

  // Attach a client id directly if required
  clientId: 1234,

  // ...or call a function to retrieve the header content
  authHeaders: function () {
    const clientId = localStorage.getItem('client-id');

    return {
      'X-Client-Id': clientId,
      'X-Refresh-Token': '...'
    };
  },

  // Javascript fetch API is used under the hood
  // Add additional config options here to be passed with the request
  authRequestOptions: {
    method: 'GET', // defaults to 'GET'
    mode: 'cors',
    credentials: 'include'
  },

  // Alternatively, pass extra parameters in the request url
  // /user/auth?clientId=...
  authParams: function () {
    const clientId = getItem('client-id');
    return {
      clientId
    };
  }
});

API Reference

Use the links below to learn more about the client and server API...

Learn more about client request options

Learn more about server response options

    On this page

      © 2024 Relaybox Ltd. All rights reserved.
      • Slack logo
      • Discord logo