Skip to main content
  • Core Products
  • Add-Ons
  • Extensions Marketplace
Android
iOS
Web
Windows
Unity
Flutter
React Native

Secure authentication with tokens

Agora uses digital tokens to authenticate users and their privileges before they access Agora Chat. For test purposes, you can generate temporary tokens in Agora Console. See Manage users and generate tokens for details.

In a development environment, you deploy your own app server to generate authentication tokens. This page introduces how to set up a token server, retrieve tokens from your server, and authenticate your users.

Understand the tech

Agora Chat employs two types of tokens for authentication:

  • Use tokens with app privileges to call Agora RESTful APIs.

  • Use tokens with user privileges for user authentication and interaction through the Agora Chat SDK.

Use-caseToken typeInformation required to generateMaximum validity
RESTful API callsToken with app privileges
  • App ID of your Agora Chat project
  • App certificate of your Agora Chat project
  • Token validity period for your Agora Chat project
24 hours
SDK API callsToken with user privileges
  • App ID of your Agora Chat project
  • App certificate of your Agora Chat project
  • Token validity period for your Agora Chat project
  • The Agora Chat user ID
24 hours

Prerequisites

In order to follow this procedure, you must have the following:

If you have a firewall implemented in your network environment, Agora provides a firewall whitelist solution for you to access Agora Chat in environments with restricted network access. If you want to use the firewall whitelist solution, submit a ticket and our technical support will provide the target domain and corresponding IP.

Implement the authentication flow

This section shows you how to supply and consume a token used to authenticate a user with Agora Chat.

Deploy an app server to generate tokens

Tokens used for connecting with Agora Chat are generated by your app server. When a client sends a request, the app server generates an appropriate token. The following figure shows how to manage tokens with app and user privileges to facilitate secure user authentication and interaction with Agora Chat services.

Token generation API call sequence

token_generate_user_token

This section guides you through setting up a token server. Choose your preferred language and follow the step-by-step procedure.

caution

This sample server code provided in this guide is for demonstration purposes only. Do not use it directly in a production environment.

  1. Create and initialize a Go project

    Open your terminal and execute the following commands:

    mkdir chat-token-server
    cd chat-token-server
    go mod init chat-token-server

  2. Add the Agora Tools dependency

    The code uses the chatTokenBuilder library to generate tokens with app and user privileges.

    go get github.com/AgoraIO/Tools/DynamicKey/AgoraDynamicKey/go/src/chatTokenBuilder

  3. Set up the Go HTTP server

    Create a new file server.go, with the following content:

    package mainimport (    "encoding/json"    "fmt"    "log"    "net/http"    "github.com/AgoraIO/Tools/DynamicKey/AgoraDynamicKey/go/src/chatTokenBuilder" )// App credentialsconst (    AppID          = "your_app_id"          // Replace with your actual App ID    AppCertificate = "your_app_certificate" // Replace with your actual App Certificate)type TokenRequest struct {    UserUUID string `json:"user_uuid,omitempty"` // Optional for App Token    Expire   uint32 `json:"expire"`}type TokenResponse struct {    Token string `json:"token"`    Error string `json:"error,omitempty"`}func buildUserTokenHandler(w http.ResponseWriter, r *http.Request) {    var req TokenRequest    if err := json.NewDecoder(r.Body).Decode(&req); err != nil {        http.Error(w, "Invalid request payload", http.StatusBadRequest)        return    }    token, err := chatTokenBuilder.BuildChatUserToken(AppID, AppCertificate, req.UserUUID, req.Expire)    if err != nil {        response := TokenResponse{Error: err.Error()}        json.NewEncoder(w).Encode(response)        return    }    response := TokenResponse{Token: token}    json.NewEncoder(w).Encode(response)}func buildAppTokenHandler(w http.ResponseWriter, r *http.Request) {    var req TokenRequest    if err := json.NewDecoder(r.Body).Decode(&req); err != nil {        http.Error(w, "Invalid request payload", http.StatusBadRequest)        return    }    token, err := chatTokenBuilder.BuildChatAppToken(AppID, AppCertificate, req.Expire)    if err != nil {        response := TokenResponse{Error: err.Error()}        json.NewEncoder(w).Encode(response)        return    }    response := TokenResponse{Token: token}    json.NewEncoder(w).Encode(response)}func main() {    http.HandleFunc("/generate-user-token", buildUserTokenHandler)    http.HandleFunc("/generate-app-token", buildAppTokenHandler)    port := "8080"    fmt.Printf("Starting server on port %s...\n", port)    if err := http.ListenAndServe(":"+port, nil); err != nil {        log.Fatalf("Server failed to start: %v", err)    } }

  4. Run the server

    In server.go, update the values for AppIDd and AppCertificate. Use the following command to run the server:

    go run server.go

    The server will start on http://localhost:8080.

  5. Test the server

    Use the following curl requests to test your server:

    • Generate a user token

      curl -X POST http://localhost:8080/generate-user-token \
            -H "Content-Type: application/json" \
            -d '{"user_uuid": "test_user", "expire": 3600}'

    • Generate an app token

      curl -X POST http://localhost:8080/generate-app-token \
            -H "Content-Type: application/json" \
            -d '{"expire": 3600}'

Chat SDK token authentication

The following code fetches and replaces an expired token for the Agora Chat SDK. It performs the following tasks:

  1. Fetches a fresh token on app startup* At the start of the application, it fetches a valid token for the user from a token server.
  1. Listens for OnTokenWillExpire event: The app sets up a listener to monitor when the token is about to expire. Upon receiving this event, it fetches a new token from the token server and renews the token with the Agora Chat SDK.

To execute the code, ensure you set the following values in the code:

  • App Key: The app key of your Agora project.
  • User ID: The username that you will be used communication.
  • Token Server URL: The URL of your token server, which provides valid tokens for authentication.
using System.Net.Http;
using System.Text.Json;
using System.Windows;
using AgoraChat;
using AgoraChat.MessageBody;

private readonly string userId = "<User ID of the local user>";
private string token = "";
private readonly string app_key = "<App key from Agora console>";
private readonly string tokenServerUrl = "<Your token server URL>";
private bool isJoined = false;
// Update the UI from callbacks on a separate thread
private readonly System.Windows.Threading.Dispatcher? Dip = null;

public partial class MainWindow : Window, IConnectionDelegate, IChatManagerDelegate
{
public MainWindow()
{
// Initialize window component
InitializeComponent();
// Initialize the thread dispatcher
Dip = System.Windows.Threading.Dispatcher.CurrentDispatcher;
// Initialize Chat SDK client
setupChatClient();
// Add connection and chat delegates to handle callbacks
SDKClient.Instance.AddConnectionDelegate(this);
SDKClient.Instance.ChatManager.AddChatManagerDelegate(this);
// Execute the CloseWindow method when the app closes
Closed += CloseWindow;
}

private void setupChatClient()
{
var options = new Options(appKey: app_key);
options.UsingHttpsOnly = true;
// Initialize the chat SDKClient
SDKClient.Instance.InitWithOptions(options);
}

private async void JoinLeave_Click(object sender, RoutedEventArgs e)
{
Button button = (Button)this.FindName("btnJoinLeave");

if (isJoined)
{
SDKClient.Instance.Logout(true, callback: new CallBack(
onSuccess: () =>
{
showLog("Sign out from Agora Chat succeed");
Dip?.Invoke(() =>
{
button.Content = "Join";
});
isJoined = false;
},
onError: (code, desc) =>
{
showLog(desc);
}
));
}
else
{
// Generate token
token = await GenerateTokenAsync(userId);

if (string.IsNullOrEmpty(token))
{
showLog("Failed to generate token. Please try again.");
return;
}

// Log in to the Chat service with userId and Agora token.
SDKClient.Instance.LoginWithAgoraToken(userId, token, callback: new CallBack(
onSuccess: () =>
{
showLog("Sign in to Agora Chat succeed");
isJoined = true;
Dip?.Invoke(() =>
{
button.Content = "Leave";
});
},
onError: (code, desc) =>
{
if (code == 200)
{ // Already joined
isJoined = true;
Dip?.Invoke(() =>
{
button.Content = "Leave";
});
}
else
{
showLog(desc);
}
}
));
}
}

public void OnAuthFailed()
{
showLog("User authentication failed.");
}

public void OnTokenExpired()
{
showLog("The token has expired.");
}

public async void OnTokenWillExpire()
{
showLog("The token is about to expire. Fetching a new token...");

// Fetch a new token from the token server
string newToken = await GenerateTokenAsync(userId);

if (!string.IsNullOrEmpty(newToken))
{
// Renew the token with Agora Chat SDK
SDKClient.Instance.RenewToken(newToken, new CallBack(
onSuccess: () =>
{
showLog("Token renewed successfully.");
token = newToken; // Update the local token variable
},
onError: (code, desc) =>
{
showLog($"Failed to renew token: {desc}");
}
));
}
else
{
showLog("Failed to fetch a new token. Please check the token server.");
}
}


private void CloseWindow(object sender, EventArgs e)
{
SDKClient.Instance.ChatManager.RemoveChatManagerDelegate(this);
SDKClient.Instance.DeleteConnectionDelegate(this);
}

private async Task<string> GenerateTokenAsync(string userId)
{
try
{
using HttpClient client = new HttpClient();
var response = await client.GetAsync($"{tokenServerUrl}?userId={userId}");
if (response.IsSuccessStatusCode)
{
var jsonResponse = await response.Content.ReadAsStringAsync();
var result = JsonSerializer.Deserialize<Dictionary<string, string>>(jsonResponse);
if (result != null && result.ContainsKey("token"))
{
return result["token"];
}
}
else
{
showLog($"Token server error: {response.ReasonPhrase}");
}
}
catch (Exception ex)
{
showLog($"Exception while fetching token: {ex.Message}");
}
return string.Empty;
}

}
Copy

Chat RESTful API token authentication

To create a new user, use the following curl command:

curl -X POST -H "Authorization: Bearer <YourAgoraAppToken>" -i "https://XXXX/XXXX/XXXX/users" -d '[
{
"username": "user1",
"password": "123",
"nickname": "testuser"
}
]'
Copy

The server responds with the user details:

{
"action": "post",
"application": "8be024f0-e978-11e8-b697-5d598d5f8402",
"path": "/users",
"entities": [
{
"uuid": "0ffe2d80-ed76-11e8-8d66-279e3e1c214b",
"username": "user1",
"activated": true,
"nickname": "testuser"
}
]
}
Copy

Reference

This section introduces token generator libraries, version requirements, and related documents about tokens.

Token generator libraries

For more examples and source code in other development languages, explore the AgoraDynamicKey open-source repository on GitHub.

Tokens for Agora RTC products

If you use Agora Chat together with the Agora RTC SDK, Agora recommends upgrading to AccessToken 2.

Page Content

vundefined