Sessions
The VideoKit object is automatically initialized on application start-up, but in order to communicate with our servers, you will need to start a session using your Video.io API token.
Get an API token
All Video.io APIs should be authenticated using the Video.io API token. To retrieve your token, login to dashboard.video.io and navigate to Apps → Your App → API TOKEN.
Start a session
As said, a session should be created before using any other Video.io API that communicates with our servers. What is the right moment to start a session?
- If your app has no login system, the session can be safely started in
Application.onCreate()
- If users login into your app, the session should be bound to the login lifecycle. In other words, you can start a Video.io session whenever you know the user ID.
Sessions are started through the session manager (VideoKit.sessions()
) and require you to pass
the API token and an identifier of the current logged in user. This identifier is extremely
important because performing certain operations on videos require a session that uses the same
identifier with which the video was created for the first time.
val sessions: SessionManager = VideoKit.sessions()
sessions.start(TOKEN, currentUserIdentifier).onSuccess {
// Authenticated!
}.onError {
// Something went wrong.
}
As you can see, the start()
method returns a Call
object described here.
Start a session securely
To improve security, the session token management should be handled by your backend, following the flow:
- your app communicates with your server, e.g. at login time, asking for a video.io session token
- your server communicates with video.io using the REST API or the Node.js SDK, passing the API token and the user ID and receiving back the user session token.
- your app receives the session token from server, and notifies the VideoKit SDK through the session manager:
val sessions: SessionManager = VideoKit.sessions()
sessions.start(sessionToken)
In this case no async Call
object is returned - it is your responsibility to check that the session
token is valid and not expired.
Scoped sessions
In addition to token and identifier, the session manager can take an array of strings identifying the user role and permissions. Please check the REST API documentation for a list of scopes and what then mean.
Stop a session
To clear the current session, simply call stop()
:
val sessions: SessionManager = VideoKit.sessions()
sessions.stop()
Check the session state
To access the current session, simply call get()
or collect the session flow SessionManager.session
.
You can also add and remove session observers, which can be useful in certain scenarios.
val sessions: SessionManager = VideoKit.sessions()
val session: Session? = sessions.get()
sessions.addObserver(object : SessionManager.Observer {
override fun onSessionChanged(session: Session?) {
// Session changed!
}
})
Session loader
In addition or in replacement to the session management described above, you have the chance to provide
a session loader object with the SessionManager.loader
property.
VideoKit.sessions().loader = object : SessionLoader {
override suspend fun load(manager: SessionManager) {
// call manager.start() before returning!
}
override suspend fun load(manager: SessionManager, expired: Session) {
// call manager.start() before returning!
}
}
The loader callbacks will be invoked when trying to call a remote, authenticated API with no session or expired session. This way you have a chance to provide your own session when needed.