0

Do I still need a backend to generate access tokens for Twilio video?

Twilio's programmable video documentation talks about the client-side room creation option which can let us "get up and running without writing backend code".

https://www.twilio.com/blog/2017/04/programmable-video-peer-to-peer-rooms-ga.html

Client-side room creation

I know the testing tools let us create temporary access tokens, but those expire in 4 hours, making my Twilio demo stop working unless I'm refreshing tokens manually.

Qasim
  • 1,554
  • 1
  • 13
  • 22

1 Answers1

1

The reason behind handling access token creation on the backend is you can wrap the appropriate authentication methods around the recipient requesting the access token and make sure the API Keys to create those limited access tokens are secured.

For demo purposes, you could possibly look using the Twilio-CLI to create an access token with a longer expiration (up to 24hrs) or possible write a Twilio Function to handle this (with the understanding that you would not have a method of authenticating the clients requesting a token and assigning the appropriate identity, so there is risk).

Twilio CLI Plug-ins "twilio token plugin: Install and use this plugin to generate a token for use in a client-side SDK, e.g., a chat application." https://www.twilio.com/docs/twilio-cli/plugins

Alan
  • 10,465
  • 2
  • 8
  • 9
  • Would I be able to use Twilio Functions to automatically generate newer tokens and offer them as an API endpoint? – Qasim Mar 25 '20 at 01:26
  • 1
    Not for production since there is no authentication around requesting the token (anyone with the URL has access).There are examples of backend code you can embed in you application, which you can then provides user authentication around to protect the tokens - https://www.twilio.com/docs/video/tutorials/user-identity-access-tokens. You see this warning called our here - https://www.twilio.com/docs/voice/client/javascript/quickstart. – Alan Mar 25 '20 at 01:48