Token source #787
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| patch type="added" "Abstract token source for easier token fetching in production and faster integration with sandbox environment" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,99 @@ | ||
| /* | ||
| * Copyright 2025 LiveKit | ||
| * | ||
| * Licensed under the Apache License, Version 2.0 (the "License"); | ||
| * you may not use this file except in compliance with the License. | ||
| * You may obtain a copy of the License at | ||
| * | ||
| * http://www.apache.org/licenses/LICENSE-2.0 | ||
| * | ||
| * Unless required by applicable law or agreed to in writing, software | ||
| * distributed under the License is distributed on an "AS IS" BASIS, | ||
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| * See the License for the specific language governing permissions and | ||
| * limitations under the License. | ||
| */ | ||
|
|
||
| import JWTKit | ||
|
|
||
| public struct LiveKitJWTPayload: JWTPayload, Codable, Equatable { | ||
| public struct VideoGrant: Codable, Equatable { | ||
| /// Name of the room, must be set for admin or join permissions | ||
| public let room: String? | ||
| /// Permission to create a room | ||
| public let roomCreate: Bool? | ||
| /// Permission to join a room as a participant, room must be set | ||
| public let roomJoin: Bool? | ||
| /// Permission to list rooms | ||
| public let roomList: Bool? | ||
| /// Permission to start a recording | ||
| public let roomRecord: Bool? | ||
| /// Permission to control a specific room, room must be set | ||
| public let roomAdmin: Bool? | ||
|
|
||
| /// Allow participant to publish. If neither canPublish or canSubscribe is set, both publish and subscribe are enabled | ||
| public let canPublish: Bool? | ||
| /// Allow participant to subscribe to other tracks | ||
| public let canSubscribe: Bool? | ||
| /// Allow participants to publish data, defaults to true if not set | ||
| public let canPublishData: Bool? | ||
| /// Allowed sources for publishing | ||
| public let canPublishSources: [String]? | ||
| /// Participant isn't visible to others | ||
| public let hidden: Bool? | ||
| /// Participant is recording the room, when set, allows room to indicate it's being recorded | ||
| public let recorder: Bool? | ||
|
|
||
| public init(room: String? = nil, | ||
| roomCreate: Bool? = nil, | ||
| roomJoin: Bool? = nil, | ||
| roomList: Bool? = nil, | ||
| roomRecord: Bool? = nil, | ||
| roomAdmin: Bool? = nil, | ||
| canPublish: Bool? = nil, | ||
| canSubscribe: Bool? = nil, | ||
| canPublishData: Bool? = nil, | ||
| canPublishSources: [String]? = nil, | ||
| hidden: Bool? = nil, | ||
| recorder: Bool? = nil) | ||
| { | ||
| self.room = room | ||
| self.roomCreate = roomCreate | ||
| self.roomJoin = roomJoin | ||
| self.roomList = roomList | ||
| self.roomRecord = roomRecord | ||
| self.roomAdmin = roomAdmin | ||
| self.canPublish = canPublish | ||
| self.canSubscribe = canSubscribe | ||
| self.canPublishData = canPublishData | ||
| self.canPublishSources = canPublishSources | ||
| self.hidden = hidden | ||
| self.recorder = recorder | ||
| } | ||
| } | ||
|
|
||
| /// Expiration time claim | ||
| public let exp: ExpirationClaim | ||
| /// Issuer claim | ||
| public let iss: IssuerClaim | ||
| /// Not before claim | ||
| public let nbf: NotBeforeClaim | ||
| /// Subject claim | ||
| public let sub: SubjectClaim | ||
|
|
||
| /// Participant name | ||
| public let name: String? | ||
| /// Participant metadata | ||
| public let metadata: String? | ||
| /// Video grants for the participant | ||
| public let video: VideoGrant? | ||
|
|
||
| public func verify(using _: JWTSigner) throws { | ||
| try nbf.verifyNotBefore() | ||
| try exp.verifyNotExpired() | ||
| } | ||
|
|
||
| static func fromUnverified(token: String) -> Self? { | ||
| try? JWTSigners().unverified(token, as: Self.self) | ||
| } | ||
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,35 @@ | ||
| /* | ||
| * Copyright 2025 LiveKit | ||
| * | ||
| * Licensed under the Apache License, Version 2.0 (the "License"); | ||
| * you may not use this file except in compliance with the License. | ||
| * You may obtain a copy of the License at | ||
| * | ||
| * http://www.apache.org/licenses/LICENSE-2.0 | ||
| * | ||
| * Unless required by applicable law or agreed to in writing, software | ||
| * distributed under the License is distributed on an "AS IS" BASIS, | ||
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| * See the License for the specific language governing permissions and | ||
| * limitations under the License. | ||
| */ | ||
|
|
||
| import Foundation | ||
|
|
||
| /// `Sandbox` queries LiveKit Sandbox token server for credentials, | ||
| /// which supports quick prototyping/getting started types of use cases. | ||
| /// - Warning: This token endpoint is **INSECURE** and should **NOT** be used in production. | ||
|
||
| public struct Sandbox: TokenEndpoint { | ||
|
||
| public let url = URL(string: "https://cloud-api.livekit.io/api/sandbox/connection-details")! | ||
pblazej marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
|
||
| public var headers: [String: String] { | ||
| ["X-Sandbox-ID": id] | ||
| } | ||
|
|
||
| /// The sandbox ID provided by LiveKit Cloud. | ||
| public let id: String | ||
|
|
||
| /// Initialize with a sandbox ID from LiveKit Cloud. | ||
| public init(id: String) { | ||
| self.id = id.trimmingCharacters(in: .alphanumerics.inverted) | ||
| } | ||
| } | ||
Oops, something went wrong.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Moved it to a separate file for visibility.