Private rooms and authenticating users via access token

In this guide, we will explain how you can create a private meeting room and authenticate users via access tokens.

In this guide, we will explain what are private and public meetings are, what are access tokens and how to generate them and authenticate the users with them.

📘

Overview

Public rooms are the rooms that anyone can join.

Private rooms require an access token to join.

Access Tokens can be generated via the Metered REST API and can also be used to add special metadata to each user like externalUserId or some other meta info in key-value pairs.

Request to Join mode when enabled in a room, allows a user without an access token to request admin users in a meeting to allow them to join a private meeting.

Prerequisite

If you haven't already read the, Getting Started with Metered guide please read it first and then come back to this article.

What are public and private rooms

Public rooms

Public rooms are the rooms that anyone can join and they do not require any authentication.

When you call the create room API without any parameters, the room that is created is public by default.

You can make the user join the public room by simply calling the join() method and passing just the name in the Metered Javascript SDK.

Private rooms

Private rooms require an accessToken to join.

You can create a private room by calling create room API and setting the privacy parameter to private.

You can also create private rooms through the dashboard.

When you call the join(options) method on a private room without passing an accessToken it will result in an error. We will explain in a bit how to generate accessToken.

How to create private rooms

Private Rooms can be created through the dashboard or through the REST API

a. Creating private room through the dashboard

You can create a private room by logging into your dashboard, click on the "Create Room" button, and on the create room page, set the Privacy Setting to Private.

Create Room page with Private Privacy SettingCreate Room page with Private Privacy Setting

Create Room page with Private Privacy Setting

b. Creating private room through the REST API

Private room can also be created using the REST API. In create room API call we will call the privacy key to private.

curl --request POST \
     --url 'https://yourappname.metered.live/api/v1/room?secretKey=ygbwg6JDGiyZjDsyMcm7O5-byiuQtL1Kt1RYTzGD1kAzDP' \
     --header 'Accept: application/json' \
     --header 'Content-Type: application/json' \
     --data '{ "privacy": "private" }'

What is an access token

The access token is a JSON web token, and it contains info about the user. Access tokens can be created that can be used to join any meeting in your Metered app or they can be restricted to rooms.

If you create a global token then the user can join any room in the app using the global token.

If you create a room-specific token, then the user can join only the room for which the token is created.

Generating Access token

Access tokens can be generated using the create access token api.

curl --request POST \
     --url https://yourappname.metered.live/api/v1/api/v1/token \
     --header 'Accept: application/json' \
     --header 'Content-Type: application/json' \
     --data '{"globalToken":true}'
{"token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjp7Imdsb2JhbFRva2VuIjp0cnVlLCJhcHBOYW1lIjoiaHlwcmhvc3QifSwiaWF0IjoxNjI3NzcwNDI2fQ.mVkFCexiE9UFHN8ujvsEVmXLllu2dXmF--4PzBFYjDY"}

Authenticating using the access token

Authenticating using the access tokens is very simple, instead of passing the name parameter to the join(options) , just pass the accessToken property.

const meeting = new Metered.Meeting();
const meetingInfo = await meeting.join({
  roomURL: "yourappname.metered.live/meetup",
  accessToken: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjp7Imdsb2JhbFRva2VuIjp0cnVlLCJhcHBOYW1lIjoiaHlwcmhvc3QifSwiaWF0IjoxNjI3NzcwNDI2fQ.mVkFCexiE9UFHN8ujvsEVmXLllu2dXmF--4PzBFYjDY" 
});

Validating the token without joining the meeting

If you want to check whether the token is valid then you can check it by calling the validate access token API.

This API decodes the token and returns the JSON in response if the auth token is valid, if the auth token is invalid it returns an error message, that auth token is invalid.

Access Token Available properties

Property

Description

Type

Required

isAdmin

By setting this property as true the user who will join the meeting using the token will become and an admin

boolean

NO

roomName

If you want to restrict the token to a particular room then set this property. If it is not set then global token will be created

string

NO

globalToken

If you want to create a global token that works across all the rooms in the app set this property to true

boolean

NO

name

Name of user. When user joins the meeting with the token, the value of this property would be set as the name

string

NO

email

Email you want to set for the user. This value will be associated with participant session, also visible in the dashboard under the participant session details screen.

string

NO

meta

Any meta info you want to associate with the user, you can also pass key value pairs JSON . maxlength 1000 chars`

string

NO

externalUserId

Any external user id you want to associated with the user/token, it could the userId from your own database

string

NO

expireUnixSec

unix time in seconds, This token is not valid after the specified time. If not specified then a token will be created that never expires

number

NO

notBeforeUnixSec

unix time in seconds. This token is not valid before the specified time.

number

NO

ejectAfterElapsedTimeInSec

user who joins the meeting using this token will be ejected after the specified seconds from the meeting. Suppose you want to eject the user automatically after 30 mins then you will set this value to 1800 (30 mins in seconds)

number

NO

Conclusion

In this guide, we have explained how you can create private meetings and authenticate users using access tokens.

To learn more checkout:

Feel free to contact us if you have any questions or need any assistance.