Benefits of using JWT for video conferencing platforms

What is a JSON Web Token?

Simply JSON Web Token is a good way of transmitting information between parties in a well secured manner. JWT is an open standard (RFC 7519) that specifies a compact and self-contained method for securely communicating information which is included with three main parts as : Header, Payload and Signature.

JWTs can be signed using :

  • A secret - HMAC algorithm
    By sending a JSON object with a signed payload comprising your account’s Access Key and Secret, these tokens provide a safe server-to-server authentication technique.

  • A public/private key pair - using RSA or ECDSA algorithm
    When tokens are signed using public/private key pairs, the signature verifies that only the user who holding the private key is the one that signed it

Note : Consider the resource server as the video application server

image1

Step 1

Client request for the authentication with his/her username and the password from the authentication server

Step 2

Considering the username and the password details of the user an access token is generated for the user and send it to the user end

Step 3

The token is saved in the browser and request for the video application with that given token

Step 4

Considering the attached token of the user resource server will send the video application to the user end. So the user can connect for the video session

Note : a unique token is generated for each user who sends requests to the server . So two users can’t use the same token for joining a session

Why is JWT important for video conferencing platforms?

Since video streaming uses real time data transmission, there should not be delay with the transmission process. Even for the authentication it should be well concerned. The importance of JWT token is, once the user is logged in, each subsequent request will include the JWT. So there will be no latency issues with the authentication process using JWT in video platforms.

When the user login with his username and password, from the back end it creates a token for the user with the secret key and sends it to the browser. The token is saved in the browser end and users can join for a video session as they need without sending authentication requests each and every time.

With the ability of defining an expiration time in the token it can ensure better security of a user permission by allowing a time window of authorized access for a video session.

Example for a generated jwt token :
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJjb250ZXh0Ijp7InVzZXIiOnsi
YXZhdGFyIjoiaHR0cHM6Ly9lbi5ncmF2YXRhci5jb20vdXNlcmltYWdlLzMzE5MDY
1LzA0MGEzOGVjMzI2YzZlZTJjY2JiOTFkMGM5ZWY3NjRkLnBuZz9zaXplPTQwMCIs
Im5hbWUiOiJJYW0gTW9kZXJhdG9yIiwiZW1haWwiOiIifX0sIm1vZGVyYXRvciI6d
HJ1ZSwiYXVkIjoiaml0c2kCJpc3MiOiJtZWV0cml4X2FwcCIsInN1YiI6ImRldm1l
ZXQyLm1lZXRyaXguaW8iLCJyb29tIjoiKiIsImV4cCI6MTY0MzQ5ODgxNX0.vnaAKUGk-6lBj7N8at4fPcN0NozLi4f4zpX_n9DA_bE

Furthermore you can follow this link for more information about jwt token generation :

https://meetrix.io/blog/webrtc/jitsi/meet/how-to-authenticate-users-to-Jitsi-meet-using-JWT-tokens.html

Looking for commercial support ? please contact us via hello@meetrix.io or the contact us

Updated:

Leave a Comment