Benefits of using JWT for video conferencing platforms
What is a JSON Web Token?
Simply JSON Web Token is a good way of transmitting information between parties in a well secured manner. JWT is an open standard (RFC 7519) that specifies a compact and self-contained method for securely communicating information which is included with three main parts as : Header, Payload and Signature.
JWTs can be signed using :
A secret - HMAC algorithm
By sending a JSON object with a signed payload comprising your account’s Access Key and Secret, these tokens provide a safe server-to-server authentication technique.
A public/private key pair - using RSA or ECDSA algorithm
When tokens are signed using public/private key pairs, the signature verifies that only the user who holding the private key is the one that signed it
Note : Consider the resource server as the video application server
Client request for the authentication with his/her username and the password from the authentication server
Considering the username and the password details of the user an access token is generated for the user and send it to the user end
The token is saved in the browser and request for the video application with that given token
Considering the attached token of the user resource server will send the video application to the user end. So the user can connect for the video session
Note : a unique token is generated for each user who sends requests to the server . So two users can’t use the same token for joining a session
Why is JWT important for video conferencing platforms?
Since video streaming uses real time data transmission, there should not be delay with the transmission process. Even for the authentication it should be well concerned. The importance of JWT token is, once the user is logged in, each subsequent request will include the JWT. So there will be no latency issues with the authentication process using JWT in video platforms.
When the user login with his username and password, from the back end it creates a token for the user with the secret key and sends it to the browser. The token is saved in the browser end and users can join for a video session as they need without sending authentication requests each and every time.
With the ability of defining an expiration time in the token it can ensure better security of a user permission by allowing a time window of authorized access for a video session.
Example for a generated jwt token :
Furthermore you can follow this link for more information about jwt token generation :