White Paper: Education Guide- How to survive and thrive in a live video world

EDUFC PMThe influence of live video technology has permeated into a number of different industries, and education is just one area looking to capitalize on the advantages available. By integrating WebRTC technology into their existing interfaces, education providers are seeking new ways to deliver quality service to learners around the world.

Owing to the rise of live video technology in different spheres, there has been an increase in consumer demand for interactive educational services. One reason for this is the potential to deliver education services around the world, made possible by remotely controlled live video.

Read More

White Paper: Consumers want more than Facetime for Brands

Frontcover_B2C Whitepaper@2xWhen it comes to communicating with family and friends, live video has become commonplace, but it has not yet become the norm in business. In order to take advantage of the benefits of live video, companies and brands must find a way to integrate live video into their existing suites.

With rising demand and interest, it is becoming increasingly important for businesses to be able to provide live video capabilities to its consumers. This can help create a mutually beneficial relationship between business and customer as service can be provided more conveniently and efficiently.

Read More

JWT – The New Authentication Scheme for OpenTok REST Endpoints

We have been working on a new standards-based alternative to authenticate with the OpenTok REST endpoints. With the release of the latest OpenTok Server SDKs, we will be transitioning to JSON Web Tokens (JWT) to authenticate OpenTok REST endpoints.

Why JWT?

  1. Standards-based encoding, decoding and verification.
  2. They do not expose the private secret of the partner.
  3. They are lightweight and can be attached to HTTP headers easily.
  4. JWT are self-contained,  such that each token is equipped with all the information needed for the authorization process including the expiration time and the issued time of the token.
  5. Since JWT are transferred over JSON you can use them with multiple languages. There are JWT libraries available for most languages, and there are a range of choices.
  6. They are extensible and allows the token to carry new data, making it easier to future-proof.

All of this not only makes authentication more secure, but also simplifies the developer’s workflow.

There are a lot of great resources available to find out more about JWT so we recommend reading more.

JWT in Action

We know there many benefits of using JWTs so now let’s see them in action with OpenTok REST endpoints.

Each request will require a new token. This token should be sent as the value in an HTTP header named “X-OPENTOK-AUTH”.

An encoded JWT is easy to identify. It is three strings separated by a ” . ”

eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOjEyMzQ1LCJpc3QiOiJwcm9qZWN0IiwiaWF0IjoxNDcyNjkxMDAyLCJleHAiOjE0NzI2OTEzMDJ9.m-x54n9EoNZaiCVmBWyaDsOstR4asCXjc7atEBCTHLU

Each of the three parts are created differently. In order, they are called:

  • Header

  • Claims

  • Signature

Header

The header carries 2 parts:

  • Type of the token, which is JWT
  • The hashing algorithm to use (OpenTok only supports HMAC-SHA256  as the token signing algorithm.)
typ: “JWT”
alg: “HS256"

The header is base64 encoded which results in:

eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9

Claims

The claims will carry the bulk of our JWT, also called the payload. This is where we put the information that we want to transmit and other information about our token.

When calling OpenTok REST endpoints the required claims are listed below:

  • iss: The issuer of the token (in our example this is API Key such as “12345”)
  • ist: The issuer type (in our example this is string constant “project”)
  • iat: The iat claim indicates a UNIX timestamp at which the JWT was issued. It is useful to determine the age of the JWT.
  • exp: The exp claim is a UNIX timestamp indicating when the token will expire. The OpenTok REST endpoint verifies the exp against its system clock, plus some allowable clock skew. The expiration MUST be after the current date/time and cannot be longer than the max token lifetime, which is 5 minutes (300 seconds). We recommend using exp time 3 minutes.
iss:  12345,
ist: "project",
iat: 1472691002,
exp: 1472691302

The claims is base64 encoded which results in:

eyJpc3MiOjEyMzQ1LCJpc3QiOiJwcm9qZWN0IiwiaWF0IjoxNDcyNjkxMDAyLCJleHAiOjE0NzI2OTEzMDJ9

Signature

The final and, possibly, the most important part of the JWT is the signature. It is a hash made up of three components:

  1. Header
  2. Claims
  3. Secret (API Secret)

Using the header and claims strings combined we pass them through an HMACSHA256 function with API Secret.

Our signature looks as follows:

m-x54n9EoNZaiCVmBWyaDsOstR4asCXjc7atEBCTHLU

Now we have got all three parts of our JWT. Combining the three parts, we get:

eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOjEyMzQ1LCJpc3QiOiJwcm9qZWN0IiwiaWF0IjoxNDcyNjkxMDAyLCJleHAiOjE0NzI2OTEzMDJ9.m-x54n9EoNZaiCVmBWyaDsOstR4asCXjc7atEBCTHLU

Here is the code snippet you can use to create tokens.

var jwt = require('jsonwebtoken');

const secret = 'secret'; //Replace this with your OpenTok API Secret
var token = jwt.sign({ iss: 12345, //Replace this with your OpenTok API Key
 ist: "project",
 iat: Math.floor(Date.now() / 1000), // e.g. 1472691002
 exp: Math.floor(Date.now() / 1000) + 300 // e.g. 1472691302
 }, secret);

console.log('Token: ' + token);

// decode
var decoded = jwt.verify(token, secret);
console.log('Decoded: ' + decoded);

Instruction on running this code: Save the code as a .js file and from the terminal run command npm install jsonwebtoken — save (assuming you have node and npm installed) and then run node fileName.js

JWT.io is great site to go through and test out how JWTs are made. The website provides great tools for decoding and encoding of the tokens, as well as a list of open source libraries you can use to generate JWT.

Conclusion

We are very excited to move our current authentication scheme to JWT, which are standard for token authentication used by many companies such as Facebook, IBM and Google.

The adaptability of the JWT will allow you to securely authenticate the OpenTok REST APIs quickly and easily without having to worry about passing sensitive information.

Partner authentication will be replaced by a single type of authentication scheme JWT. This also means that we are deprecating Partner Auth. Our Server SDKs have added the support for JWT. Please note that we will continue to support the deprecated authentication schemes until July 2017 to give you enough time to transition to JWT.

Read More

New Release: OpenTok iOS & Android 2.9

tokbox-inc_markWe are excited to announce the release of the OpenTok 2.9 Android and iOS SDKs. We’ve made a number of important changes with this release.

What’s new?

Automatic Reconnect

With this version your client can now automatically reconnect to OpenTok sessions after drops in network connectivity. This feature helps restore connectivity during transitions between network interfaces such as Wi-Fi and LTE, allowing you to expand the duration of the communication and provide a better quality of experience to your customers. You can find sample code showing you how to update your application here.

Read More

Camera Filters in OpenTok for Web

Despite the fact that filters are used a lot in non-WebRTC video applications like Photo Booth and SnapChat, we haven’t seen many WebRTC applications using these types of filters. This is probably because it hasn’t really been possible… until now.

It has always been possible to apply filters to video streams locally using the OpenTok platform by rendering the video into a Canvas element. The problem with this approach has always been that the person on the other end does not see the filter unless you apply the same filter on both the publisher and subscriber video. This would mean significant CPU load if you are subscribing to multiple participants. It also means that you don’t get to see the filters in the Archives.

Read More

Do 12% of WebRTC calls really fail?

WebRTC logoI was talking with our old friend Philipp Hancke and discussing how it could be possible that 12% of the WebRTC calls were failing.  This number came as a surprise to us as, based on our reports, the number of failures is significantly lower when it comes to OpenTok calls, even though the exact numbers depend on the specific use case you have.

So, we decided to grab some data and try to prove that WebRTC, at least in our platform, is doing a much better job.

Read More

Introducing The OpenTok Playground

tokbox-inc_markWhen evaluating a new product or service, we know how important it is to be able to test out the technology first.  Stakeholders in different areas of the business, both developers and non developers, need to see and understand how the technology works.

We’ve noticed that for customers evaluating the OpenTok platform, without using the API, it can be challenging to visualise your use case. Even when a developer works through our Quick Start Guide, there can be a need for additional implementation to build a custom proof of concept. All of this translates into time invested during the business’ evaluation phase of the product; worse yet, it can lead to an incomplete or inaccurate evaluation.

Read More

New Release: OpenTok iOS & Android 2.8

OpenTok mobile SDKsWe’re excited to announce the release of the 2.8 OpenTok iOS and Android SDK.  We’ve made significant improvements to audio/video quality, worked on bug fixes, as well as quality improvements introduced in the Google WebRTC M49 release.  In order to improve the quality of these SDKs further, we’ve also rolled out some important patches, the details of which are below, including support for IPv6 for iOS.

Read More

A Fond Farewell to Flash

Adobe FlashThe popular technology media would have us believe Flash is the worst technology flub since Windows Vista/Apple Maps. It is nothing but a giant security flaw and should never have existed. But pause for a moment and consider this – if it weren’t for Flash there would most likely be no Netflix, no Meerkat or Periscope, no YouTube, no Facebook Live.

You see, while these services may not have all been built on Flash originally, they all stand on the shoulders of the pioneering work Flash did around online video. So, while we’re all quick to celebrate its downfall and lament its many obvious flaws, let’s pause for a moment and remember that if not for the pioneers who inevitably make mistakes (Adobe with Flash perhaps more than most), there would be no progress.

Read More

Coming Soon: The New & Improved TokBox Account Interface

tokbox-inc_markSince we launched the new version of our platform back in 2012, one of our goals has always been to make it very easy to manage and understand how your applications are performing. In addition to simplifying how to build applications, we believe that those are the key elements for a great experience.

Over the last year we have been working on a completely new way to interact with your TokBox account. As our user-base grew and diversified, it was obvious that our previous dashboard was not enough and needed to be extended. With the number of new tools and services that are in the works, we realized that it was a good opportunity to future proof our stack and give you, our users, a much better experience.

Read More