A robust user authentication system is implemented to ensure our platform's security and privacy. User credentials are securely stored and encrypted using industry-standard methods. Access control is enforced through carefully managed permissions, granting users access only to features and functionalities based on the entitlements. This approach adheres to stringent security and data protection standards. Personalized services are provided by leveraging stored credentials, allowing for tailored user experiences. It is important to note that authentication is mandatory for utilizing any functionality within the TruvideoSDK.
Note
Please note that authentication is a prerequisite for utilizing any functionality within the TruvideoSDK.
The Truvideo SDK provides two properties that serve to check the authentication status:
isAuthenticated() : Returns true or false indicating whether the client is authenticated. Please note that authentication may be expired.
isAuthenticationExpired() : Return true or false indicating whether the authentication is expired. If the client is not authenticated, it always returns false.
How to authenticate
The authenticate method requires the following inputs:
ApiKey: A string provided by Truvideo upon registration.
Payload: Essential data containing device information, generated internally using the generatePayload() function.
Signature: Encrypt the payload with the provided secret key using the SHA256 algorithm to regenerate the signature.
Upon completion, it triggers the onReady callback or the onError callback in case of an error.
Algorithm for encoding the signature
The encoding algorithm operates by taking the secret key and payload as inputs, generating an encoded string suitable for authentication purposes.
Clear Authentication
To delete the current session and erase all associated authentication data, utilize the clearAuthentication() method
Note
We suggest avoiding storing the secret within the host application. Instead, set up a private backend owned by you. This backend will handle the payload from the Truvideo SDK and generate the signature. By doing this, you can prevent the secret from being exposed, reducing the risk of security issues
async function auth() {
try {
const isAuth = await TruVideoSdkCore.isAuthenticated();
// Check if authentication token has expired
const isAuthExpired = await TruVideoSdkCore.isAuthenticationExpired();
//generate payload for authenticatio
const payload = await TruVideoSdkCore.generatePayload();
const mainPayload = String(payload.generatePayload);
const apiKey = "Enter API Key";
const secretKey = "Enter Secret Key ";
const signature = await TruVideoSdkCore.toSha256String({
secretKey: secretKey,
payload: mainPayload
});
const externalId = "";
// Authenticate only if not already authenticated or session expired
if (!isAuth.isAuthenticated || isAuthExpired.isAuthenticationExpired) {
await TruVideoSdkCore.authenticate({
apiKey: apiKey,
payload: mainPayload ,
signature: signature.signature,
externalId: externalId
});
}
// If user is authenticated successfully
await TruVideoSdkCore.initAuthentication();
//setAuthenticationValue("Authentication Successful");
} catch (error) {
console.error('Authentication Error:', error);
}
}
