Access token
An access token is a short-lived token that allows applications to use PlanetKit. An application generates and returns an access token from the app server.
Access token authentication flow
The authentication flow using an access token is as follows:
- An app client requests an access token from the app server using the communication channel defined by the application. Note that this channel is not provided by LINE Planet.
- The app server generates an access token and sends it to the app client.
- The app client sets the access token in PlanetKit by initializing a call parameter or conference parameter with the access token.
- The app client makes a call using the call parameter or joins a conference using the conference parameter.
The following diagram shows the authentication flow using an access token:
Access token format
The access token is a JSON Web Token (JWT). A JWT is an encoded JSON object consisting of a header, payload, and signature.
```
# JWT example
eyJ*****************.eyJ*********.*******************************************
```
Header
The header typically consists of two parts.
- Token type (typ): JWT
- Signing algorithm (alg): HS256
```
# Header example
# eyJ*********************************
{
  "typ": "JWT",
  "alg": "HS256"
}
```
Payload
sub
: Service IDuid
: User IDiss
: API keyiat
: Creation timestamp in seconds
# Payload example
# eyJ*****************************************************************************************************************************************************************************************************************************************************
{
"sub": "YOUR_SERVICE_ID",
"uid": "2048",
"iss": "YOUR_API_KEY",
"iat": 1617636530
}
Signature
The signature part is not a JSON object. An API secret is used to create the signature part.
```
# Signature example
# *********-*********-***********************
HMACSHA256(base64UrlEncode(header) + "." + base64UrlEncode(payload), API-secret)
```
How to generate access tokens
Prerequisites
To generate an access token, you must have an API key and an API secret. Refer to Generating an API key to generate an API key.
Create an access token
Create an access token in the app server.
Do not create access tokens in your app client. Signing requires the API secret, which must remain on the app server.
As mentioned earlier, a JWT is an encoded JSON object consisting of a header, payload, and signature. To generate an access token, you must set appropriate values for each part. The following table shows which values should be used.
JWT header | Description | Value |
---|---|---|
typ | Token type. Must be "JWT". | JWT |
alg | Signing algorithm. Must use HS256. | HS256 |

JWT payload | Description | Example |
---|---|---|
sub | Service ID | YOUR_SERVICE_ID |
uid | User ID | 1122 |
iss | API key | **************************** |
iat | Creation time in seconds | 1615740516 |
To prevent increasing the size of access tokens, do not add payload values other than the JWT parameters shown above.
Create an access token code example - Java
```java
import java.util.Date;
import java.util.HashMap;
import java.util.Map;

import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;

public class AccessTokenGenerator {
    public static void main(String[] args) {
        // Placeholders: replace with the values issued for your service.
        String serviceId = "YOUR_SERVICE_ID";
        String userId = "2048";
        String apiKey = "YOUR_API_KEY";
        String apiSecret = "YOUR_API_SECRET";

        // The "alg" header is set by the library from the signing algorithm.
        Map<String, Object> header = new HashMap<>();
        header.put("typ", "JWT");

        Date issuedAt = new Date(System.currentTimeMillis());
        // HS256: HMAC-SHA256 keyed with the API secret.
        Algorithm algo = Algorithm.HMAC256(apiSecret);

        String token = JWT.create()
                // header
                .withHeader(header)
                // payload
                .withSubject(serviceId)      // sub: service ID
                .withIssuer(apiKey)          // iss: API key
                .withIssuedAt(issuedAt)      // iat: creation time in seconds
                .withClaim("uid", userId)    // uid: user ID
                // signature
                .sign(algo);

        System.out.println(token);
        // eyJ*********************************.eyJ****************************************************************************************************************.***********-*******************************
    }
}
```
For examples in other programming languages, refer to JWT Libraries.
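The header and payload tables and the Signature formula above can also be applied without a JWT library. The following Python code is an added example, not LINE Planet's code: it builds the token by hand on the app server and includes a local self-check showing that a changed payload or a different secret no longer matches the signature. The function names (`create_access_token`, `check_access_token`) and the credential values are placeholders chosen for this example.

```python
import base64
import hashlib
import hmac
import json
import time


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")  # unpadded base64url


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(signing_input: str, api_secret: str) -> str:
    # HMACSHA256(base64UrlEncode(header) + "." + base64UrlEncode(payload), API secret)
    mac = hmac.new(api_secret.encode(), signing_input.encode(), hashlib.sha256)
    return b64url(mac.digest())


def create_access_token(service_id, user_id, api_key, api_secret, iat=None):
    header = {"typ": "JWT", "alg": "HS256"}
    # Only the four documented claims, to keep the token small.
    payload = {"sub": service_id, "uid": user_id, "iss": api_key,
               "iat": int(time.time()) if iat is None else iat}
    parts = [b64url(json.dumps(p, separators=(",", ":")).encode()) for p in (header, payload)]
    signing_input = ".".join(parts)
    return signing_input + "." + sign(signing_input, api_secret)


def check_access_token(token, api_secret):
    """Local self-check: return the payload if the signature matches, else None."""
    try:
        head_b64, body_b64, sig = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None
        expected = sign(head_b64 + "." + body_b64, api_secret)
        # Constant-time comparison of the recomputed and presented signatures.
        if not hmac.compare_digest(expected.encode(), sig.encode()):
            return None
        return json.loads(b64url_decode(body_b64))
    except ValueError:  # wrong part count, bad base64, bad JSON or encoding
        return None


if __name__ == "__main__":  # constructed placeholder values, not real credentials
    print(create_access_token("YOUR_SERVICE_ID", "2048", "YOUR_API_KEY", "YOUR_API_SECRET"))
```

In a real deployment, read the API secret from the server's secret store or environment rather than from source code.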