agora-ruby 0.1.0

data/lib/agora/dynamic_key/rtc_token_builder.rb

@@ -0,0 +1,112 @@
+module Agora::AgoraDynamicKey
+
+  class RTCTokenBuilder
+    class InvalidParamsError < StandardError
+      attr_reader :params, :missing_keys
+      def initialize args={}
+        super
+        @params = args[:params]
+        @missing_keys = args[:missing_keys]
+      end
+    end
+
+    module Role
+      # DEPRECATED. Role::ATTENDEE has the same privileges as Role::PUBLISHER.
+      ATTENDEE = 0
+
+      # RECOMMENDED. Use this role for a voice/video call or a live broadcast, if your scenario does not require authentication for [Co-host](https://docs.agora.io/en/video-calling/get-started/authentication-workflow?#co-host-token-authentication).
+      PUBLISHER = 1
+
+      # Only use this role if your scenario require authentication for [Co-host](https://docs.agora.io/en/video-calling/get-started/authentication-workflow?#co-host-token-authentication).
+      # @note In order for this role to take effect, please contact our support team to enable authentication for Co-host for you. Otherwise, Role::SUBSCRIBER still has the same privileges as Role::PUBLISHER.
+      SUBSCRIBER = 2
+
+      # DEPRECATED. Role::ADMIN has the same privileges as Role::PUBLISHER.
+      ADMIN = 101
+    end
+
+    class << self
+
+      #
+      # Builds an RTC token using an Integer uid.
+      # @param payload
+      # :app_id The App ID issued to you by Agora.
+      # :app_certificate Certificate of the application that you registered in the Agora Dashboard.
+      # :channel_name The unique channel name for the AgoraRTC session in the string format. The string length must be less than 64 bytes. Supported character scopes are:
+      # - The 26 lowercase English letters: a to z.
+      # - The 26 uppercase English letters: A to Z.
+      # - The 10 digits: 0 to 9.
+      # - The space.
+      # - "!", "#", "$", "%", "&", "(", ")", "+", "-", ":", ";", "<", "=", ".", ">", "?", "@", "[", "]", "^", "_", " {", "}", "|", "~", ",".
+      # :uid User ID. A 32-bit unsigned integer with a value ranging from 1 to (2^32-1).
+      # :role See #userRole.
+      # - Role::PUBLISHER; RECOMMENDED. Use this role for a voice/video call or a live broadcast.
+      # - Role::SUBSCRIBER: ONLY use this role if your live-broadcast scenario requires authentication for [Co-host](https://docs.agora.io/en/video-calling/get-started/authentication-workflow?#co-host-token-authentication). In order for this role to take effect, please contact our support team to enable authentication for Co-host for you. Otherwise, Role_Subscriber still has the same privileges as Role_Publisher.
+      # :privilege_expired_ts represented by the number of seconds elapsed since 1/1/1970. If, for example, you want to access the Agora Service within 10 minutes after the token is generated, set expireTimestamp as the current timestamp + 600 (seconds).
+      #
+      # @return The new Token.
+      #
+      def build_token_with_uid payload
+        check! payload, %i[app_id app_certificate channel_name role uid privilege_expired_ts]
+        build_token_with_account @params.merge(:account => @params[:uid])
+      end
+
+      #
+      # Builds an RTC token using a string user_account.
+      # @param payload
+      # :app_id The App ID issued to you by Agora.
+      # :app_certificate Certificate of the application that you registered in the Agora Dashboard.
+      # :channel_name The unique channel name for the AgoraRTC session in the string format. The string length must be less than 64 bytes. Supported character scopes are:
+      # - The 26 lowercase English letters: a to z.
+      # - The 26 uppercase English letters: A to Z.
+      # - The 10 digits: 0 to 9.
+      # - The space.
+      # - "!", "#", "$", "%", "&", "(", ")", "+", "-", ":", ";", "<", "=", ".", ">", "?", "@", "[", "]", "^", "_", " {", "}", "|", "~", ",".
+      # :account The user account.
+      # :role See #userRole.
+      # - Role::PUBLISHER; RECOMMENDED. Use this role for a voice/video call or a live broadcast.
+      # - Role::SUBSCRIBER: ONLY use this role if your live-broadcast scenario requires authentication for [Co-host](https://docs.agora.io/en/video-calling/get-started/authentication-workflow?#co-host-token-authentication). In order for this role to take effect, please contact our support team to enable authentication for Co-host for you. Otherwise, Role_Subscriber still has the same privileges as Role_Publisher.
+      # :privilege_expired_ts represented by the number of seconds elapsed since 1/1/1970. If, for example, you want to access the Agora Service within 10 minutes after the token is generated, set expireTimestamp as the current timestamp + 600 (seconds).
+      #
+      # @return The new Token.
+      #
+      def build_token_with_account payload
+        check! payload, %i[app_id app_certificate channel_name role account privilege_expired_ts]
+        @params.merge!(:uid => @params[:account])
+        generate_access_token!
+      end
+
+      private
+
+      # generate access token
+      def generate_access_token!
+        # Assign appropriate access privileges to each role.
+        Agora::AgoraDynamicKey::AccessToken.generate!(@params) do |t|
+          t.grant Agora::AgoraDynamicKey::Privilege::JOIN_CHANNEL, t.privilege_expired_ts
+          if @params[:role] == Role::PUBLISHER ||
+            @params[:role] == Role::SUBSCRIBER ||
+            @params[:role] == Role::ADMIN
+            t.grant Agora::AgoraDynamicKey::Privilege::PUBLISH_AUDIO_STREAM, t.privilege_expired_ts
+            t.grant Agora::AgoraDynamicKey::Privilege::PUBLISH_VIDEO_STREAM, t.privilege_expired_ts
+            t.grant Agora::AgoraDynamicKey::Privilege::PUBLISH_DATA_STREAM, t.privilege_expired_ts
+          end
+        end
+      end
+
+      # params check
+      def check!(payload, args)
+        raise InvalidParamsError.new(params: payload), "invalid params" if payload.nil? or payload.empty?
+        symbolize_keys payload.select { |key| args.include? key }
+        missing_keys = args - @params.keys
+        raise InvalidParamsError.new(params: payload, missing_keys: missing_keys), "missing params" if missing_keys.size != 0
+        _invalid_params = @params.select { |hash, (k, v)| v.nil? or v.empty?}
+        raise InvalidParamsError.new(params: payload), "invalid params" if _invalid_params.empty?
+      end
+
+      # symbolize keys
+      def symbolize_keys payload
+        @params = payload.inject({}) { |hash, (k, v)| hash[k.to_sym] = v; hash }
+      end
+    end
+  end
+end

data/lib/agora/dynamic_key/rtm_token_builder.rb

@@ -0,0 +1,46 @@
+module Agora::AgoraDynamicKey
+  class RTMTokenBuilder
+    module Role
+      RTM_USER = 1
+    end
+
+    class << self
+      attr_accessor :token
+
+      #
+      # @param payload
+      # :app_id app_id The App ID issued to you by Agora. Apply for a new App ID from
+      #        Agora Dashboard if it is missing from your kit. See Get an App ID.
+      # :app_certificate app_certificate Certificate of the application that you registered in
+      #        the Agora Dashboard. See Get an App Certificate.
+      # :role role Agora::AgoraDynamicKey::RTCTokenBuilder::Role::RTM_USER = 1: RTM USER
+      # :account  User Account.
+      # :privilege_expired_ts represented by the number of seconds elapsed since 1/1/1970.
+      #        If, for example, you want to access the Agora Service within 10 minutes
+      #        after the token is generated, set expireTimestamp as the current time stamp
+      #        + 600 (seconds).
+      def build_token payload
+        check! payload, %i[app_id app_certificate role account privilege_expired_ts]
+        token = AccessToken.new @params.merge(:channel_name => @params[:account])
+        token.grant Privilege::RTM_LOGIN, @params[:privilege_expired_ts]
+        token.build!
+      end
+
+      private
+      # params check
+      def check!(payload, args)
+        raise InvalidParamsError.new(params: payload), "invalid params" if payload.nil? or payload.empty?
+        symbolize_keys payload.select { |key| args.include? key }
+        missing_keys = args - @params.keys
+        raise InvalidParamsError.new(params: payload, missing_keys: missing_keys), "missing params" if missing_keys.size != 0
+        _invalid_params = @params.select { |hash, (k, v)| v.nil? or v.empty?}
+        raise InvalidParamsError.new(params: payload), "invalid params" if _invalid_params.empty?
+      end
+
+      # symbolize keys
+      def symbolize_keys payload
+        @params = payload.inject({}) { |hash, (k, v)| hash[k.to_sym] = v; hash }
+      end
+    end
+  end
+end

data/lib/agora/dynamic_key/sign.rb

@@ -0,0 +1,73 @@
+# encoding: utf-8
+
+module Agora::AgoraDynamicKey
+  class Sign
+    MAX_SIZE = 1024
+    SHA256 = OpenSSL::Digest.new("sha256")
+    class InvalidToken < StandardError; end
+
+    class << self
+      private def parse_map_uint32 map
+        binary = [map.size].pack "v"
+        binary << map.flatten.pack("vV"*map.size)
+      end
+
+      def encode option
+        encode! option
+      rescue
+        false
+      end
+
+      def encode! option
+        # pack message
+        message = [option.salt, option.expired_ts].pack "VV" # pack into uint16 with little endian
+        message << parse_map_uint32(option.privileges)
+
+        # generate signature
+        to_sign = "#{option.app_id}#{option.channel_name}#{option.uid}#{message}"
+
+        sign = OpenSSL::HMAC.new(option.app_certificate, SHA256).update(to_sign).digest
+
+        crc32_channel_name = Zlib::crc32(option.channel_name) & 0xffffffff
+        crc32_uid = Zlib::crc32("#{option.uid}") & 0xffffffff
+
+        uint32_channel_name = [crc32_channel_name].pack "V"
+        uint32_uid = [crc32_uid].pack "V"
+
+        uint16_sign_size = [sign.size].pack "v"
+
+        uint16_message_size = [message.size].pack "v"
+        # generate content
+        content = "#{uint16_sign_size}#{sign}#{uint32_channel_name}#{uint32_uid}#{uint16_message_size}#{message}"
+        # final content
+        "#{AccessToken::VERSION}#{option.app_id}#{Base64.strict_encode64(content)}"
+      end
+
+      def decode string
+        docode!
+      rescue
+        false
+      end
+
+      def decode! string
+        version = string[0..2]
+        raise InvalidToken, "can't match version" unless version == Agora::AgoraDynamicKey::AccessToken::VERSION
+        appId = string[3..3+31]
+        content = string[3+32..-1]
+        content_binary = Base64.strict_decode64(content)
+        uint16_sign_size = content_binary.unpack("v")[0]
+        sign = content_binary[2, uint16_sign_size].unpack "H*"
+        offset = uint16_sign_size + 2
+        uint32_channel_name, uint32_uid = content_binary[offset..offset+1].unpack("VV")
+        offset = offset + 8
+        uint16_message_size = content_binary[offset..offset+1].unpack("v")[0]
+        offset = offset + 2
+        message = content_binary[offset..offset+uint16_message_size]
+        salt, expired_ts = message[0..7].unpack("V*")
+        privileges_size = message[8..9].unpack("v")[0]
+        message[10..-1].unpack("vV"*privileges_size)
+        true
+      end
+    end
+  end
+end

data/lib/agora/dynamic_key.rb

@@ -0,0 +1,13 @@
+require 'openssl'
+require 'securerandom'
+require 'zlib'
+require 'base64'
+
+module Agora
+  module DynamicKey
+    require_relative 'dynamic_key/sign'
+    require_relative 'dynamic_key/access_token'
+    require_relative 'dynamic_key/rtc_token_builder'
+    require_relative 'dynamic_key/rtm_token_builder'
+  end
+end

data/lib/agora/dynamic_key2/access_token.rb

@@ -0,0 +1,220 @@
+require 'openssl'
+require 'zlib'
+require 'base64'
+
+module Agora::AgoraDynamicKey2
+  class Service
+    attr_accessor :type, :privileges
+
+    def initialize(type)
+      @type = type
+      @privileges = {}
+    end
+
+    def add_privilege(privilege, expire)
+      @privileges[privilege] = expire
+    end
+
+    def fetch_uid(uid)
+      return '' if uid.eql?(0)
+
+      uid.to_s
+    end
+
+    def pack
+      Util.pack_uint16(@type) + Util.pack_map_uint32(@privileges)
+    end
+
+    def unpack(data)
+      @privileges, data = Util.unpack_map_uint32(data)
+    end
+  end
+
+  class ServiceRtc < Service
+    attr_accessor :channel_name, :uid
+
+    SERVICE_TYPE = 1
+    PRIVILEGE_JOIN_CHANNEL = 1
+    PRIVILEGE_PUBLISH_AUDIO_STREAM = 2
+    PRIVILEGE_PUBLISH_VIDEO_STREAM = 3
+    PRIVILEGE_PUBLISH_DATA_STREAM = 4
+
+    def initialize(channel_name = '', uid = '')
+      super(SERVICE_TYPE)
+      @channel_name = channel_name
+      @uid = fetch_uid(uid)
+    end
+
+    def pack
+      super() + Util.pack_string(@channel_name) + Util.pack_string(@uid)
+    end
+
+    def unpack(data)
+      _, data = super(data)
+      @channel_name, data = Util.unpack_string(data)
+      @uid, data = Util.unpack_string(data)
+    end
+  end
+
+  class ServiceRtm < Service
+    attr_accessor :user_id
+
+    SERVICE_TYPE = 2
+    PRIVILEGE_JOIN_LOGIN = 1
+
+    def initialize(user_id = '')
+      super(SERVICE_TYPE)
+      @user_id = user_id
+    end
+
+    def pack
+      super() + Util.pack_string(@user_id)
+    end
+
+    def unpack(data)
+      _, data = super(data)
+      @user_id, data = Util.unpack_string(data)
+    end
+  end
+
+  class ServiceFpa < Service
+    SERVICE_TYPE = 4
+    PRIVILEGE_LOGIN = 1
+
+    def initialize
+      super(SERVICE_TYPE)
+    end
+
+    def pack
+      super()
+    end
+
+    def unpack(data)
+      _, data = super(data)
+    end
+  end
+
+  class ServiceChat < Service
+    attr_accessor :uid
+
+    SERVICE_TYPE = 5
+    PRIVILEGE_USER = 1
+    PRIVILEGE_APP = 2
+
+    def initialize(uid = '')
+      super(SERVICE_TYPE)
+      @uid = fetch_uid(uid)
+    end
+
+    def pack
+      super() + Util.pack_string(@uid)
+    end
+
+    def unpack(data)
+      _, data = super(data)
+      @uid, data = Util.unpack_string(data)
+    end
+  end
+
+  class ServiceApaas < Service
+    attr_accessor :room_uuid, :user_uuid, :role
+
+    SERVICE_TYPE = 7
+    PRIVILEGE_ROOM_USER = 1
+    PRIVILEGE_USER = 2
+    PRIVILEGE_APP = 3
+
+    def initialize(room_uuid = '', user_uuid = '', role = -1)
+      super(SERVICE_TYPE)
+      @room_uuid = room_uuid
+      @user_uuid = user_uuid
+      @role = role
+    end
+
+    def pack
+      super() + Util.pack_string(@room_uuid) + Util.pack_string(@user_uuid) + Util.pack_int16(@role)
+    end
+
+    def unpack(data)
+      _, data = super(data)
+      @room_uuid, data = Util.unpack_string(data)
+      @user_uuid, data = Util.unpack_string(data)
+      @role, data = Util.unpack_int16(data)
+    end
+  end
+
+  class AccessToken
+    attr_accessor :app_cert, :app_id, :expire, :issue_ts, :salt, :services
+
+    VERSION = '007'.freeze
+    VERSION_LENGTH = 3
+    SERVICES = { ServiceRtc::SERVICE_TYPE => ServiceRtc,
+                  ServiceRtm::SERVICE_TYPE => ServiceRtm,
+                  ServiceFpa::SERVICE_TYPE => ServiceFpa,
+                  ServiceChat::SERVICE_TYPE => ServiceChat,
+                  ServiceApaas::SERVICE_TYPE => ServiceApaas }.freeze
+
+    def initialize(app_id = '', app_cert = '', expire = 900)
+      @app_id = app_id
+      @app_cert = app_cert
+      @expire = expire
+      @issue_ts = Time.now.to_i
+      @salt = rand(1...99_999_999)
+      @services = {}
+    end
+
+    def add_service(service)
+      @services[service.type] = service
+    end
+
+    def build
+      return '' if !uuid?(@app_id) || !uuid?(@app_cert)
+
+      signing = fetch_sign
+      data = Util.pack_string(@app_id) + Util.pack_uint32(@issue_ts) + Util.pack_uint32(@expire) \
+                    + Util.pack_uint32(@salt) + Util.pack_uint16(@services.size)
+
+      @services.each do |_, service|
+        data += service.pack
+      end
+
+      signature = OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'), signing, data)
+      fetch_version + Base64.strict_encode64(Zlib::Deflate.deflate(Util.pack_string(signature) + data))
+    end
+
+    def fetch_sign
+      sign = OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'), Util.pack_uint32(@issue_ts), @app_cert)
+      OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'), Util.pack_uint32(@salt), sign)
+    end
+
+    def fetch_version
+      VERSION
+    end
+
+    def uuid?(str)
+      return false if str.length != 32
+
+      true
+    end
+
+    def parse(token)
+      return false if token[0..VERSION_LENGTH - 1] != fetch_version
+
+      data = Zlib::Inflate.inflate(Base64.strict_decode64(token[VERSION_LENGTH..-1]))
+      signature, data = Util.unpack_string(data)
+      @app_id, data = Util.unpack_string(data)
+      @issue_ts, data = Util.unpack_uint32(data)
+      @expire, data = Util.unpack_uint32(data)
+      @salt, data = Util.unpack_uint32(data)
+      service_num, data = Util.unpack_uint16(data)
+
+      (1..service_num).each do
+        service_type, data = Util.unpack_uint16(data)
+        service = SERVICES[service_type].new
+        _, data = service.unpack(data)
+        @services[service_type] = service
+      end
+      true
+    end
+  end
+end

data/lib/agora/dynamic_key2/apaas_token_builder.rb

@@ -0,0 +1,73 @@
+module Agora::AgoraDynamicKey2
+  class ApaasTokenBuilder
+    # Build room user token.
+    #
+    # app_id: The App ID issued to you by Agora. Apply for a new App ID from Agora Dashboard if it is missing
+    #     from your kit. See Get an App ID.
+    # app_certificate: Certificate of the application that you registered in the Agora Dashboard.
+    #     See Get an App Certificate.
+    # room_uuid: The room's id, must be unique.
+    # user_uuid: The user's id, must be unique.
+    # role: The user's role.
+    # expire: represented by the number of seconds elapsed since now. If, for example, you want to access the
+    #     Agora Service within 10 minutes after the token is generated, set expire as 600(seconds).
+    # return: The room user token.
+    def self.build_room_user_token(app_id, app_certificate, room_uuid, user_uuid, role, expire)
+      access_token = Agora::AgoraDynamicKey2::AccessToken.new(app_id, app_certificate, expire)
+
+      chat_user_id = Digest::MD5.hexdigest user_uuid
+      service_apaas = Agora::AgoraDynamicKey2::ServiceApaas.new(room_uuid, user_uuid, role)
+      service_apaas.add_privilege(Agora::AgoraDynamicKey2::ServiceApaas::PRIVILEGE_ROOM_USER, expire)
+      access_token.add_service(service_apaas)
+
+      service_rtm = Agora::AgoraDynamicKey2::ServiceRtm.new(user_uuid)
+      service_rtm.add_privilege(Agora::AgoraDynamicKey2::ServiceRtm::PRIVILEGE_JOIN_LOGIN, expire)
+      access_token.add_service(service_rtm)
+
+      service_chat = Agora::AgoraDynamicKey2::ServiceChat.new(chat_user_id)
+      service_chat.add_privilege(Agora::AgoraDynamicKey2::ServiceChat::PRIVILEGE_USER, expire)
+      access_token.add_service(service_chat)
+
+      access_token.build
+    end
+
+    # Build user token.
+    #
+    # app_id: The App ID issued to you by Agora. Apply for a new App ID from Agora Dashboard if it is missing
+    #     from your kit. See Get an App ID.
+    # app_certificate: Certificate of the application that you registered in the Agora Dashboard.
+    #     See Get an App Certificate.
+    # user_uuid: The user's id, must be unique.
+    # expire: represented by the number of seconds elapsed since now. If, for example, you want to access the
+    #     Agora Service within 10 minutes after the token is generated, set expire as 600(seconds).
+    # return: The user token.
+    def self.build_user_token(app_id, app_certificate, user_uuid, expire)
+      access_token = Agora::AgoraDynamicKey2::AccessToken.new(app_id, app_certificate, expire)
+
+      service_apaas = Agora::AgoraDynamicKey2::ServiceApaas.new('', user_uuid)
+      service_apaas.add_privilege(Agora::AgoraDynamicKey2::ServiceApaas::PRIVILEGE_USER, expire)
+      access_token.add_service(service_apaas)
+
+      access_token.build
+    end
+
+    # Build app token.
+    #
+    # app_id: The App ID issued to you by Agora. Apply for a new App ID from Agora Dashboard if it is missing
+    #     from your kit. See Get an App ID.
+    # app_certificate: Certificate of the application that you registered in the Agora Dashboard.
+    #     See Get an App Certificate.
+    # expire: represented by the number of seconds elapsed since now. If, for example, you want to access the
+    #     Agora Service within 10 minutes after the token is generated, set expire as 600(seconds).
+    # return: The app token.
+    def self.build_app_token(app_id, app_certificate, expire)
+      access_token = Agora::AgoraDynamicKey2::AccessToken.new(app_id, app_certificate, expire)
+
+      service_apaas = Agora::AgoraDynamicKey2::ServiceApaas.new
+      service_apaas.add_privilege(Agora::AgoraDynamicKey2::ServiceApaas::PRIVILEGE_APP, expire)
+      access_token.add_service(service_apaas)
+
+      access_token.build
+    end
+  end
+end

data/lib/agora/dynamic_key2/chat_token_builder.rb

@@ -0,0 +1,42 @@
+module Agora::AgoraDynamicKey2
+  class ChatTokenBuilder
+    # Build the Chat user token.
+    #
+    # @param app_id:          The App ID issued to you by Agora. Apply for a new App ID from
+    #                         Agora Dashboard if it is missing from your kit. See Get an App ID.
+    # @param app_certificate: Certificate of the application that you registered in
+    #                         the Agora Dashboard. See Get an App Certificate.
+    # @param user_id:         The user's account, max length is 64 Bytes.
+    # @param expire:          represented by the number of seconds elapsed since now. If, for example, you want to access the
+    #                         Agora Service within 10 minutes after the token is generated, set expire as 600(seconds).
+    # @return The Chat User token.
+    def self.build_user_token(app_id, app_certificate, user_id, expire)
+      access_token = Agora::AgoraDynamicKey2::AccessToken.new(app_id, app_certificate, expire)
+
+      service_chat = Agora::AgoraDynamicKey2::ServiceChat.new(user_id)
+      service_chat.add_privilege(Agora::AgoraDynamicKey2::ServiceChat::PRIVILEGE_USER, expire)
+      access_token.add_service(service_chat)
+
+      access_token.build
+    end
+
+    # Build the Chat App token.
+    #
+    # @param app_id:          The App ID issued to you by Agora. Apply for a new App ID from
+    #                         Agora Dashboard if it is missing from your kit. See Get an App ID.
+    # @param app_certificate: Certificate of the application that you registered in
+    #                         the Agora Dashboard. See Get an App Certificate.
+    # @param expire:          represented by the number of seconds elapsed since now. If, for example, you want to access the
+    #                         Agora Service within 10 minutes after the token is generated, set expire as 600(seconds).
+    # @return The Chat App token.
+    def self.build_app_token(app_id, app_certificate, expire)
+      access_token = Agora::AgoraDynamicKey2::AccessToken.new(app_id, app_certificate, expire)
+
+      service_chat = Agora::AgoraDynamicKey2::ServiceChat.new
+      service_chat.add_privilege(Agora::AgoraDynamicKey2::ServiceChat::PRIVILEGE_APP, expire)
+      access_token.add_service(service_chat)
+
+      access_token.build
+    end
+  end
+end

data/lib/agora/dynamic_key2/education_token_builder.rb

@@ -0,0 +1,73 @@
+module Agora::AgoraDynamicKey2
+  class EducationTokenBuilder
+    # Build room user token.
+    #
+    # app_id: The App ID issued to you by Agora. Apply for a new App ID from Agora Dashboard if it is missing
+    #     from your kit. See Get an App ID.
+    # app_certificate: Certificate of the application that you registered in the Agora Dashboard.
+    #     See Get an App Certificate.
+    # room_uuid: The room's id, must be unique.
+    # user_uuid: The user's id, must be unique.
+    # role: The user's role.
+    # expire: represented by the number of seconds elapsed since now. If, for example, you want to access the
+    #     Agora Service within 10 minutes after the token is generated, set expire as 600(seconds).
+    # return: The room user token.
+    def self.build_room_user_token(app_id, app_certificate, room_uuid, user_uuid, role, expire)
+      access_token = Agora::AgoraDynamicKey2::AccessToken.new(app_id, app_certificate, expire)
+
+      chat_user_id = Digest::MD5.hexdigest user_uuid
+      service_apaas = Agora::AgoraDynamicKey2::ServiceApaas.new(room_uuid, user_uuid, role)
+      service_apaas.add_privilege(Agora::AgoraDynamicKey2::ServiceApaas::PRIVILEGE_ROOM_USER, expire)
+      access_token.add_service(service_apaas)
+
+      service_rtm = Agora::AgoraDynamicKey2::ServiceRtm.new(user_uuid)
+      service_rtm.add_privilege(Agora::AgoraDynamicKey2::ServiceRtm::PRIVILEGE_JOIN_LOGIN, expire)
+      access_token.add_service(service_rtm)
+
+      service_chat = Agora::AgoraDynamicKey2::ServiceChat.new(chat_user_id)
+      service_chat.add_privilege(Agora::AgoraDynamicKey2::ServiceChat::PRIVILEGE_USER, expire)
+      access_token.add_service(service_chat)
+
+      access_token.build
+    end
+
+    # Build user token.
+    #
+    # app_id: The App ID issued to you by Agora. Apply for a new App ID from Agora Dashboard if it is missing
+    #     from your kit. See Get an App ID.
+    # app_certificate: Certificate of the application that you registered in the Agora Dashboard.
+    #     See Get an App Certificate.
+    # user_uuid: The user's id, must be unique.
+    # expire: represented by the number of seconds elapsed since now. If, for example, you want to access the
+    #     Agora Service within 10 minutes after the token is generated, set expire as 600(seconds).
+    # return: The user token.
+    def self.build_user_token(app_id, app_certificate, user_uuid, expire)
+      access_token = Agora::AgoraDynamicKey2::AccessToken.new(app_id, app_certificate, expire)
+
+      service_apaas = Agora::AgoraDynamicKey2::ServiceApaas.new('', user_uuid)
+      service_apaas.add_privilege(Agora::AgoraDynamicKey2::ServiceApaas::PRIVILEGE_USER, expire)
+      access_token.add_service(service_apaas)
+
+      access_token.build
+    end
+
+    # Build app token.
+    #
+    # app_id: The App ID issued to you by Agora. Apply for a new App ID from Agora Dashboard if it is missing
+    #     from your kit. See Get an App ID.
+    # app_certificate: Certificate of the application that you registered in the Agora Dashboard.
+    #     See Get an App Certificate.
+    # expire: represented by the number of seconds elapsed since now. If, for example, you want to access the
+    #     Agora Service within 10 minutes after the token is generated, set expire as 600(seconds).
+    # return: The app token.
+    def self.build_app_token(app_id, app_certificate, expire)
+      access_token = Agora::AgoraDynamicKey2::AccessToken.new(app_id, app_certificate, expire)
+
+      service_apaas = Agora::AgoraDynamicKey2::ServiceApaas.new
+      service_apaas.add_privilege(Agora::AgoraDynamicKey2::ServiceApaas::PRIVILEGE_APP, expire)
+      access_token.add_service(service_apaas)
+
+      access_token.build
+    end
+  end
+end

data/lib/agora/dynamic_key2/fpa_token_builder.rb

@@ -0,0 +1,21 @@
+
+module Agora::AgoraDynamicKey2
+  class FpaTokenBuilder
+    # Build the FPA token.
+    #
+    # @param app_id The App ID issued to you by Agora. Apply for a new App ID from Agora Dashboard if it is missing
+    # from your kit. See Get an App ID.
+    # @param app_certificate Certificate of the application that you registered in the Agora Dashboard.
+    # See Get an App Certificate.
+    # @return The FPA token.
+    def self.build_token(app_id, app_certificate)
+      access_token = Agora::AgoraDynamicKey2::AccessToken.new(app_id, app_certificate, 24 * 3600)
+
+      service_fpa = Agora::AgoraDynamicKey2::ServiceFpa.new
+      service_fpa.add_privilege(Agora::AgoraDynamicKey2::ServiceFpa::PRIVILEGE_LOGIN, 0)
+      access_token.add_service(service_fpa)
+
+      access_token.build
+    end
+  end
+end