JWT Generator AWS

Are you a frontend developer OR are you feeling lazy to setup a backend server of your own just to authenticate your meetings?

Please follow the below steps to host your own Clan Meeting JWT generator on Amazon Web Services. No coding skills are required to implement this. We assume that you already have an AWS account.

Create IAM credentials for deployment #

1. Login to AWS account.

2. Click on your username@account at the top right corner and select Security Credentials

3. Create access key using the button Create access key under AWS IAM credentials tab.

4. Note down the access key and secret.

Clone the repo into your local from GitHub #

xxxxxxxxxx
1
1
git clone https://github.com/clanmeeting/node-jwt-generator-aws-lambda.git

Deploy to AWS #

1. Install nodejs if required.

    

2. Open terminal or command prompt as applicable.

    

3. Change directory to the path where you have cloned the repo.

   xxxxxxxxxx
   1
   1
   cd /path/to/cloned/repo
   

    

4. Install all the npm packages. Omit sudo if not required.

   x
   1
   sudo npm install
   

    

5. Download your private key file from the Clan Meeting Dashboard and copy it in the private-keys folder as cm-api-key-consumerId.pem. Remember to rename the file by appending your Clan Meeting consumerId.

6. Edit the AWS region and memory allocation in serverless.yml file if required.

    

7. JWTs will be valid for 5 minutes only. If you want to change this value, please do so in the app.js file under payload section.

    

8. Execute the following from your locally cloned repo. Deployment will take a few minutes.

x
1
sudo npm install -g serverless
2

3
# Use the Access key and secret created in above step
4
sudo serverless config credentials --provider aws --key <aws_iam_key> --secret <aws_iam_secret>
5

6
# Deploy whenever you make changes
7
sudo npm run deploy

9. You can overwrite the deployment as many times as you want with your changes. But in case you want to remove the deployment, execute this.

xxxxxxxxxx
1
sudo serverless remove --stage prod --region <your_aws_region>

10. On successful deployment you should see a message similar to below message.

✔ Service deployed to stack clan-meeting-video-api-prod (55s)

Add an API key for authentication #

The API that we created is public right now. So we need to lock it down using a key.

1. Search for API Gateway in AWS

2. Select prod-clan-meeting-video-api

    

3. Click Resources. Click / ANY and /{proxy+} ANY one by one. Click on Method Request.

   

4. Set API Key Required to true for both / and /{proxy+} ANY methods

5. Click on Usage Plans from the left side menu

   

6. Create a basic usage plan as follows and Add API Stage by selecting the API as prod-clan-meeting-video-api and stage as prod.

   

6. Create an API key. Name it clanmeeting.

7. Add this API key to the Usage Plan created in previous steps.

8. Click on Show button to see the API Key.

9. Deploy the changes by clicking on Deploy API under the Actions dropdown in the Resources section as shown in the screenshot.

   

10. Click on Dashboard in the left side menu to get your API URL. Example:

https://xxxxxxxx.execute-api.ap-south-1.amazonaws.com/prod/

JWT Generator API is ready to use #

GET the JWT from the JWT generator API as follows:

Base URL: https://xxxxxxxx.execute-api.ap-south-1.amazonaws.com/prod

GET /api/v1/consumers/{consumerId}/jwts

Parameters:

roomName

Pass the meeting room name for which you are trying to generate a token.

Headers

X-Api-Key

Pass the API Key created above as a header while sending the GET request.

Example JavaScript Code #

xxxxxxxxxx
1
// EDIT HERE
2
const domain = 'clanmeeting-domain';
3
const consumerId = 'clanmeeting-consumer-id';
4
const roomName = 'unique-room-name';
5
const optionalProperties = {
6
  jwt: '',
7
  roomName: roomName,
8
};
9

10
const meeting = new ClanMeeting(domain, consumerId, optionalProperties);
11

12
window.onload = function () {
13
  // EDIT HERE
14
  fetch(`https://xxxxxxxx.execute-api.ap-south-1.amazonaws.com/prod/api/v1/consumers/clanmeeting-consumer-id/jwts?roomName=${roomName}`, {
15
    method: 'GET',
16
    headers: {
17
      // EDIT HERE
18
      'X-Api-Key': 'aws-api-key'
19
    },
20
  })
21
    .then((response) => response.json())
22
    .then((json) => {
23
      if (json.success) {
24
        // get the token from the response data
25
        const token = json.data.token;
26
        // set jwt property to token value
27
        meeting.jwt = token;
28
        // then start the meeting
29
        meeting.start();
30
        // EDIT HERE
31
        // REST OF THE LOGIC
32
      }
33
    })
34
    .catch((err) => console.log(err));
35
};
36

37
window.onunload = function () {
38
  meeting.end();
39
};

Optional (CORS) #

If you want to restrict access to your API from certain origins only, you can edit the CORS policy by referring to the examples here.

https://github.com/expressjs/cors#readme

Make these changes in the app.js file of the repo and redeploy to AWS with the below command from the local repo directory.

1
1
sudo npm run deploy