Just for background, I'm building a PoC of a Twilio-based video chat contact center and I've come upon one issue. Most of the people using the service will be anonymous customers, no logging / authentication here.

Looking at the Twilio API, once I produce a Token with VideoGrant I lose all control of what the JavaScript client does with it. For example, someone can modify my JS client to create their own room, instead of joining the one assigned by my app. Is there any way to create a VideoGrant which would allow only joining a room, preferably a single, selected room?

There is a mention of Room Events in the console, but I didn't see any docs on it. Maybe it would allow catching room creation and killing the unknown ones. By the way, is there a REST API for rooms? Nothing in the official REST API docs again.

Sorry if the questions are a bit vague. I'm aware that they might not meet SO standards, but I know that a few Twilio developer evangelists are active, so maybe you guys can propose some best practices here or just point me to the right docs if I am dumb enough to have missed them.
1
votes
Ok so I figured out a (partial) solution using Twilio room callbacks. The callback body looks like this:

    RoomStatus=in-progress&
    RoomSid=xxxx&
    RoomName=room1&
    SequenceNumber=0&
    ParentAccountSid=xxx&
    StatusCallbackEvent=room-created&
    AccountSid=yyy&
    TimeStamp=2017-03-21T18%3A50%3A04.051Z

If we generate the room names server side we can control if the created room is legit and if not - destroy it. Downside is that we will get charged for the room. Another issue is that I still haven't figured out the video room control API.
- Łukasz Zwierko
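The callback check described in the comment above, as an added example that is not part of the original post and not Twilio's code: the app server issues unguessable, single-use room names and classifies each `room-created` callback against them. `issueRoomName`, `classifyRoomCallback`, the in-memory store and the five-minute window are hypothetical; the destroy step is only returned as a decision because the room control API is not shown on this page.

```javascript
const { randomBytes } = require("crypto");

// Assumed window between issuing a name and the room actually being created.
const ROOM_TTL_MS = 5 * 60 * 1000;
// Room name -> expiry time in ms. In-memory stand-in for a real database.
const issuedRooms = new Map();

// Generate an unguessable room name on the server and remember it.
function issueRoomName(now = Date.now()) {
  const name = "room-" + randomBytes(16).toString("hex");
  issuedRooms.set(name, now + ROOM_TTL_MS);
  return name;
}

// Parse the form-encoded callback body and decide what to do with the room.
// Returns { action: "allow" | "destroy" | "ignore", roomSid, roomName }.
function classifyRoomCallback(body, now = Date.now()) {
  const params = new URLSearchParams(body); // also decodes %3A etc.
  const roomSid = params.get("RoomSid");
  const roomName = params.get("RoomName");
  if (params.get("StatusCallbackEvent") !== "room-created") {
    return { action: "ignore", roomSid, roomName };
  }
  const expiry = issuedRooms.get(roomName);
  issuedRooms.delete(roomName); // single use: a name cannot legitimise a second room
  if (!roomSid || expiry === undefined || now > expiry) {
    return { action: "destroy", roomSid, roomName }; // unknown, expired or malformed
  }
  return { action: "allow", roomSid, roomName };
}

// Constructed sample, using the field names from the callback body quoted above.
const SAMPLE_CALLBACK =
  "RoomStatus=in-progress&RoomSid=xxxx&RoomName=room1&SequenceNumber=0&" +
  "StatusCallbackEvent=room-created&TimeStamp=2017-03-21T18%3A50%3A04.051Z";

// "room1" was never issued by this server, so the decision is "destroy".
console.log(classifyRoomCallback(SAMPLE_CALLBACK));
```
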
1 Answers
2
votes
Lukasz,
Rob Brazier here, PM for Video. In the next few weeks we'll be adding a new grant to the Video section of our Access Tokens that allows you to lock down access only to a specific Room.
The basic flow will be:
1. User visits your site.
2. Your app server decides what Room they should connect to.
3. Your app server creates a Room using whatever identifier you like as the name (using the upcoming Video REST API).
4. Your app server generates an Access Token with a grant for the specific Room created in #3.
5. Your app server returns that Access Token to the client.
6. Client connects using the provided token and is joined to the specified Room.
Let me know if this is clear. Thanks,