opentok 4.8.1 → 4.11.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c5299537135033f2ae95169f0a47017542fc51ac3bcf24e469219d3f00db5cda
-  data.tar.gz: 655c9293034b05b48f39f5f15809d0550f4774c5a097fb49bcf2aa46611e2c44
+  metadata.gz: '08afb004026d5e2f7a095d057c455acf33bd8a0ea268b367fee4b27b63d15949'
+  data.tar.gz: 1e0e778d936e767389554fcaa60a58663019b6016b23b4ca11520ad25404b631
 SHA512:
-  metadata.gz: 8b83473744134b0754c092d2a98e6d28af5a80c6ee373c48c8569af75cf84fc0106321c6a7b8e72ec253379bc4a4e431069a3c62fdcf45f7fba172ebf61e700f
-  data.tar.gz: b6946da6f229d0030fde0a09a9e969c7906f7da54151ed1f749b6af9bcd0ea0e1787521a73a98c23cebbaa60df4b8e79bddd39acd2d8367b721909488f65bc26
+  metadata.gz: 8f99b13b1f41af4cffb9aaabeb93d6ef7f033ee739bbcdcaae6836742e53cab7d7c18a1e04ce3bab765be8ab03cf244f0bed719c034fc0e1d3caf811eb948eaa
+  data.tar.gz: ad34ad438181cb082907a1d781f5a684ef5d83b88abec3a68cc1f3f7d31a1580f6b024f9c022a6cf58312fb33ad6bd1ab282df2d62a7ea2873cc844622f7a9c5

data/.github/workflows/ci.yml

@@ -11,7 +11,7 @@ jobs:
     strategy:
       matrix:
         os: [ubuntu-latest, windows-latest, macos-latest]
-        ruby: [2.5, 2.6, 2.7, 3.0]
+        ruby: [3.0, 3.1, 3.2, 3.3]
         exclude:
           - os: windows-latest
             ruby: 3.0

data/CHANGES.md

@@ -1,3 +1,11 @@
+# 4.11.0
+
+* Updating client token creation to use JWTs by default. See [#287](https://github.com/opentok/OpenTok-Ruby-SDK/pull/274)
+
+# 4.9.0
+
+* Adds the `publisheronly` role for client token creation. See [#272](https://github.com/opentok/OpenTok-Ruby-SDK/pull/272)
+
 # 4.8.1
 
 * Fixes a bug with the `Archives#create` method. See [#269](https://github.com/opentok/OpenTok-Ruby-SDK/pull/269) and [#270](https://github.com/opentok/OpenTok-Ruby-SDK/pull/270)

data/Gemfile

@@ -1,4 +1,6 @@
 source "http://rubygems.org"
 
+gem "pry"
+
 # Specify your gem's dependencies in opentok.gemspec
 gemspec

data/README.md

@@ -20,6 +20,16 @@ The OpenTok Ruby SDK provides methods for:
 * Working with OpenTok [Experience Composers](https://tokbox.com/developer/guides/experience-composer)
 * Working with OpenTok [Audio Connector](https://tokbox.com/developer/guides/audio-connector)
 
+## Note!
+
+This library is designed to work with the Tokbox/OpenTok platform, part of the Vonage Video API. If you are looking to use the Vonage Video API and using the Vonage Customer Dashboard, you will want to install the [Vonage Server SDK for Ruby](https://github.com/Vonage/vonage-ruby-sdk), which includes support for the Vonage Video API.
+
+Not sure which exact platform you are using? Take a look at [this guide](https://api.support.vonage.com/hc/en-us/articles/10817774782492).
+
+If you are using the Tokbox platform, do not worry! The Tokbox platform is not going away, and this library will continue to be updated. While we encourage customers to check out the new Unified platform, there is no rush to switch. Both platforms run the exact same infrastructure and capabilities, with the main difference is a unified billing interface and easier access to [Vonage’s other CPaaS APIs](https://www.vonage.com/communications-apis/).
+
+If you are new to the Vonage Video API, head on over to the [Vonage Customer Dashboard](https://dashboard.vonage.com) to sign up for a developer account and check out the [Vonage Server SDK for Ruby](https://github.com/Vonage/vonage-ruby-sdk). 
+
 ## Installation
 
 ### Bundler (recommended):

data/lib/opentok/constants.rb

@@ -2,7 +2,7 @@ module OpenTok
   require "set"
   API_URL = "https://api.opentok.com"
   TOKEN_SENTINEL = "T1=="
-  ROLES = { subscriber: "subscriber", publisher: "publisher", moderator: "moderator" }
+  ROLES = { subscriber: "subscriber", publisher: "publisher", moderator: "moderator", publisheronly: "publisheronly" }
   ARCHIVE_MODES = ::Set.new([:manual, :always])
   AUTH_EXPIRE = 300
 end

data/lib/opentok/opentok.rb

@@ -36,6 +36,7 @@ module OpenTok
   #     the token.
   #
   #   @param [Hash] options A hash defining options for the token.
+  #   @option options [String] :token_type The type of token to generate. Must be one of 'T1' or 'JWT'. 'JWT' is the default.
   #   @option options [Symbol] :role The role for the token. Set this to one of the following
   #     values:
   #     * <code>:subscriber</code> -- A subscriber can only subscribe to streams.

data/lib/opentok/session.rb

@@ -28,6 +28,7 @@ module OpenTok
   #   Generates a token.
   #
   #   @param [Hash] options
+  #   @option options [String] :token_type The type of token to generate. Must be one of 'T1' or 'JWT'. 'JWT' is the default.
   #   @option options [Symbol] :role The role for the token. Set this to one of the following
   #     values:
   #     * <code>:subscriber</code> -- A subscriber can only subscribe to streams.

data/lib/opentok/token_generator.rb

@@ -6,10 +6,13 @@ require "addressable/uri"
 require "openssl"
 require "active_support"
 require "active_support/time"
+require "jwt"
 
 module OpenTok
   # @private
   module TokenGenerator
+    VALID_TOKEN_TYPES = ['T1', 'JWT'].freeze
+
     # this works when using include TokenGenerator
     def self.included(base)
       base.extend(ClassMethods)
@@ -33,7 +36,14 @@ module OpenTok
           end
           dynamic_args.compact!
           args = args.first(4-dynamic_args.length)
-          self.class.generate_token.call(*dynamic_args, *args)
+          token_type = if args.any? && args.last.is_a?(Hash) && args.last.has_key?(:token_type)
+            args.last[:token_type].upcase
+          else
+            "JWT"
+          end
+          raise "'#{token_type}' is not a valid token type. Must be one of: #{VALID_TOKEN_TYPES.join(', ')}" unless VALID_TOKEN_TYPES.include? token_type
+
+          self.class.generate_token(token_type).call(*dynamic_args, *args)
         end
       end
 
@@ -43,14 +53,14 @@ module OpenTok
       end
 
       # Generates a token
-      def generate_token
-        TokenGenerator::GENERATE_TOKEN_LAMBDA
+      def generate_token(token_type)
+        token_type == 'T1' ? TokenGenerator::GENERATE_T1_TOKEN_LAMBDA : TokenGenerator::GENERATE_JWT_LAMBDA
       end
 
     end
 
     # @private TODO: this probably doesn't need to be a constant anyone can read
-    GENERATE_TOKEN_LAMBDA = ->(api_key, api_secret, session_id, opts = {}) do
+    GENERATE_T1_TOKEN_LAMBDA = ->(api_key, api_secret, session_id, opts = {}) do
       # normalize required data params
       role = opts.fetch(:role, :publisher)
       unless ROLES.has_key? role
@@ -101,6 +111,52 @@ module OpenTok
       TOKEN_SENTINEL + Base64.strict_encode64(meta_string + ":" + data_string)
     end
 
+    GENERATE_JWT_LAMBDA = ->(api_key, api_secret, session_id, opts = {}) do
+      # normalize required data params
+      role = opts.fetch(:role, :publisher)
+      unless ROLES.has_key? role
+        raise "'#{role}' is not a recognized role"
+      end
+      unless Session.belongs_to_api_key? session_id.to_s, api_key
+        raise "Cannot generate token for a session_id that doesn't belong to api_key: #{api_key}"
+      end
+
+      # minimum data params
+      data_params = {
+        :iss => api_key,
+        :ist => "project",
+        :iat => Time.now.to_i,
+        :nonce => Random.rand,
+        :role => role,
+        :scope => "session.connect",
+        :session_id => session_id,
+      }
+
+      # normalize and add additional data params
+      unless (expire_time = opts[:expire_time].to_i) == 0
+        unless expire_time.between?(Time.now.to_i, (Time.now + 30.days).to_i)
+          raise "Expire time must be within the next 30 days"
+        end
+        data_params[:exp] = expire_time.to_i
+      end
+
+      unless opts[:data].nil?
+        unless (data = opts[:data].to_s).length < 1000
+          raise "Connection data must be less than 1000 characters"
+        end
+        data_params[:connection_data] = data
+      end
+
+      if opts[:initial_layout_class_list]
+        if opts[:initial_layout_class_list].is_a?(Array)
+          data_params[:initial_layout_class_list] = opts[:initial_layout_class_list].join(' ')
+        else
+          data_params[:initial_layout_class_list] = opts[:initial_layout_class_list].to_s
+        end
+      end
+
+      JWT.encode(data_params, api_secret, 'HS256', header_fields={typ: 'JWT'})
+    end
 
     # this works when using extend TokenGenerator
     # def generates_tokens(method_opts)

data/lib/opentok/version.rb

@@ -1,4 +1,4 @@
 module OpenTok
   # @private
-  VERSION = '4.8.1'
+  VERSION = '4.11.0'
 end

data/spec/matchers/token.rb

@@ -3,8 +3,9 @@ require "rspec/matchers"
 require "base64"
 require "openssl"
 require "addressable/uri"
+require "jwt"
 
-RSpec::Matchers.define :carry_token_data do |input_data|
+RSpec::Matchers.define :carry_t1_token_data do |input_data|
   option_to_token_key = {
     :api_key => :partner_id,
     :data => :connection_data,
@@ -37,7 +38,7 @@ RSpec::Matchers.define :carry_token_data do |input_data|
   end
 end
 
-RSpec::Matchers.define :carry_valid_token_signature do |api_secret|
+RSpec::Matchers.define :carry_valid_t1_token_signature do |api_secret|
   match do |token|
     decoded_token = Base64.decode64(token[4..token.length])
     metadata, data_string = decoded_token.split(':')
@@ -48,3 +49,34 @@ RSpec::Matchers.define :carry_valid_token_signature do |api_secret|
     signature == OpenSSL::HMAC.hexdigest(digest, api_secret, data_string)
   end
 end
+
+RSpec::Matchers.define :carry_jwt_token_data do |input_data|
+  match do |token|
+    decoded_token = JWT.decode(token, nil, false)
+    token_data = decoded_token.first.transform_keys {|k| k.to_sym}.transform_values {|v| v.to_s}
+    check_token_data = lambda { |key, value|
+      if token_data.has_key? key
+        unless value.nil?
+          return token_data[key] == value.to_s
+        end
+        return true
+      end
+      false
+    }
+    unless input_data.respond_to? :all?
+      return check_token_data.call(input_data, nil)
+    end
+    input_data.all? { |k, v| check_token_data.call(k, v) }
+  end
+end
+
+RSpec::Matchers.define :carry_valid_jwt_token_signature do |api_secret|
+  match do |token|
+    begin
+      JWT.decode(token, api_secret, true)
+    rescue
+      return false
+    end
+    true
+  end
+end

data/spec/opentok/session_spec.rb

@@ -72,5 +72,4 @@ describe OpenTok::Session do
     end
     include_examples "session generates tokens"
   end
-
 end

data/spec/shared/opentok_generates_tokens.rb

@@ -15,88 +15,286 @@ shared_examples "opentok generates tokens" do
     let(:api_secret) { "1234567890abcdef1234567890abcdef1234567890" }
     let(:session_id) { "1_MX4xMjM0NTZ-flNhdCBNYXIgMTUgMTQ6NDI6MjMgUERUIDIwMTR-MC40OTAxMzAyNX4" }
     let(:default_role) { :publisher }
+    let(:ist) { "project" }
+    let(:scope) { "session.connect" }
 
-    it "generates plain tokens" do
-      plain_token = opentok.generate_token session_id
-      expect(plain_token).to be_an_instance_of String
-      expect(plain_token).to carry_token_data :session_id => session_id
-      expect(plain_token).to carry_token_data :api_key => api_key
-      expect(plain_token).to carry_token_data :role => default_role
-      expect(plain_token).to carry_token_data [:nonce, :create_time]
-      expect(plain_token).to carry_valid_token_signature api_secret
-    end
+    context "when token type is T1" do
+      it "generates plain tokens" do
+        plain_token = opentok.generate_token session_id, :token_type => "T1"
+        expect(plain_token).to be_an_instance_of String
+        expect(plain_token).to carry_t1_token_data :session_id => session_id
+        expect(plain_token).to carry_t1_token_data :api_key => api_key
+        expect(plain_token).to carry_t1_token_data :role => default_role
+        expect(plain_token).to carry_t1_token_data [:nonce, :create_time]
+        expect(plain_token).to carry_valid_t1_token_signature api_secret
+      end
 
-    it "generates tokens with an expire time" do
-      expire_time = Time.now + (60*60*24)
-      expiring_token = opentok.generate_token session_id, :expire_time => expire_time
-      expect(expiring_token).to be_an_instance_of String
-      expect(expiring_token).to carry_token_data :session_id => session_id
-      expect(expiring_token).to carry_token_data :api_key => api_key
-      expect(expiring_token).to carry_token_data :role => default_role
-      expect(expiring_token).to carry_token_data :expire_time => expire_time.to_i
-      expect(expiring_token).to carry_token_data [:nonce, :create_time]
-      expect(expiring_token).to carry_valid_token_signature api_secret
-    end
+      it "generates tokens with an expire time" do
+        expire_time = Time.now + (60*60*24)
+        expiring_token = opentok.generate_token session_id, :expire_time => expire_time, :token_type => "T1"
+        expect(expiring_token).to be_an_instance_of String
+        expect(expiring_token).to carry_t1_token_data :session_id => session_id
+        expect(expiring_token).to carry_t1_token_data :api_key => api_key
+        expect(expiring_token).to carry_t1_token_data :role => default_role
+        expect(expiring_token).to carry_t1_token_data :expire_time => expire_time.to_i
+        expect(expiring_token).to carry_t1_token_data [:nonce, :create_time]
+        expect(expiring_token).to carry_valid_t1_token_signature api_secret
+      end
 
-    it "generates tokens with an integer expire time" do
-      expire_time = Time.now.to_i + (60*60*24)
-      expiring_token = opentok.generate_token session_id, :expire_time => expire_time
-      expect(expiring_token).to be_an_instance_of String
-      expect(expiring_token).to carry_token_data :session_id => session_id
-      expect(expiring_token).to carry_token_data :api_key => api_key
-      expect(expiring_token).to carry_token_data :role => default_role
-      expect(expiring_token).to carry_token_data :expire_time => expire_time
-      expect(expiring_token).to carry_token_data [:nonce, :create_time]
-      expect(expiring_token).to carry_valid_token_signature api_secret
-    end
+      it "generates tokens with an integer expire time" do
+        expire_time = Time.now.to_i + (60*60*24)
+        expiring_token = opentok.generate_token session_id, :expire_time => expire_time, :token_type => "T1"
+        expect(expiring_token).to be_an_instance_of String
+        expect(expiring_token).to carry_t1_token_data :session_id => session_id
+        expect(expiring_token).to carry_t1_token_data :api_key => api_key
+        expect(expiring_token).to carry_t1_token_data :role => default_role
+        expect(expiring_token).to carry_t1_token_data :expire_time => expire_time
+        expect(expiring_token).to carry_t1_token_data [:nonce, :create_time]
+        expect(expiring_token).to carry_valid_t1_token_signature api_secret
+      end
 
-    it "generates tokens with a role" do
-      role = :moderator
-      role_token = opentok.generate_token session_id, :role => role
-      expect(role_token).to be_an_instance_of String
-      expect(role_token).to carry_token_data :session_id => session_id
-      expect(role_token).to carry_token_data :api_key => api_key
-      expect(role_token).to carry_token_data :role => role
-      expect(role_token).to carry_token_data [:nonce, :create_time]
-      expect(role_token).to carry_valid_token_signature api_secret
-    end
+      it "generates tokens with a publisher role" do
+        role = :publisher
+        role_token = opentok.generate_token session_id, :role => role, :token_type => "T1"
+        expect(role_token).to be_an_instance_of String
+        expect(role_token).to carry_t1_token_data :session_id => session_id
+        expect(role_token).to carry_t1_token_data :api_key => api_key
+        expect(role_token).to carry_t1_token_data :role => role
+        expect(role_token).to carry_t1_token_data [:nonce, :create_time]
+        expect(role_token).to carry_valid_t1_token_signature api_secret
+      end
+
+      it "generates tokens with a subscriber role" do
+        role = :subscriber
+        role_token = opentok.generate_token session_id, :role => role, :token_type => "T1"
+        expect(role_token).to be_an_instance_of String
+        expect(role_token).to carry_t1_token_data :session_id => session_id
+        expect(role_token).to carry_t1_token_data :api_key => api_key
+        expect(role_token).to carry_t1_token_data :role => role
+        expect(role_token).to carry_t1_token_data [:nonce, :create_time]
+        expect(role_token).to carry_valid_t1_token_signature api_secret
+      end
+
+      it "generates tokens with a moderator role" do
+        role = :moderator
+        role_token = opentok.generate_token session_id, :role => role, :token_type => "T1"
+        expect(role_token).to be_an_instance_of String
+        expect(role_token).to carry_t1_token_data :session_id => session_id
+        expect(role_token).to carry_t1_token_data :api_key => api_key
+        expect(role_token).to carry_t1_token_data :role => role
+        expect(role_token).to carry_t1_token_data [:nonce, :create_time]
+        expect(role_token).to carry_valid_t1_token_signature api_secret
+      end
 
-    it "generates tokens with data" do
-      data = "name=Johnny"
-      data_bearing_token = opentok.generate_token session_id, :data => data
-      expect(data_bearing_token).to be_an_instance_of String
-      expect(data_bearing_token).to carry_token_data :session_id => session_id
-      expect(data_bearing_token).to carry_token_data :api_key => api_key
-      expect(data_bearing_token).to carry_token_data :role => default_role
-      expect(data_bearing_token).to carry_token_data :data => data
-      expect(data_bearing_token).to carry_token_data [:nonce, :create_time]
-      expect(data_bearing_token).to carry_valid_token_signature api_secret
+      it "generates tokens with a publisheronly role" do
+        role = :publisheronly
+        role_token = opentok.generate_token session_id, :role => role, :token_type => "T1"
+        expect(role_token).to be_an_instance_of String
+        expect(role_token).to carry_t1_token_data :session_id => session_id
+        expect(role_token).to carry_t1_token_data :api_key => api_key
+        expect(role_token).to carry_t1_token_data :role => role
+        expect(role_token).to carry_t1_token_data [:nonce, :create_time]
+        expect(role_token).to carry_valid_t1_token_signature api_secret
+      end
+
+      it "generates tokens with data" do
+        data = "name=Johnny"
+        data_bearing_token = opentok.generate_token session_id, :data => data, :token_type => "T1"
+        expect(data_bearing_token).to be_an_instance_of String
+        expect(data_bearing_token).to carry_t1_token_data :session_id => session_id
+        expect(data_bearing_token).to carry_t1_token_data :api_key => api_key
+        expect(data_bearing_token).to carry_t1_token_data :role => default_role
+        expect(data_bearing_token).to carry_t1_token_data :data => data
+        expect(data_bearing_token).to carry_t1_token_data [:nonce, :create_time]
+        expect(data_bearing_token).to carry_valid_t1_token_signature api_secret
+      end
+
+      it "generates tokens with initial layout classes" do
+        layout_classes = ["focus", "small"]
+        layout_class_bearing_token = opentok.generate_token session_id, :initial_layout_class_list => layout_classes, :token_type => "T1"
+        expect(layout_class_bearing_token).to be_an_instance_of String
+        expect(layout_class_bearing_token).to carry_t1_token_data :session_id => session_id
+        expect(layout_class_bearing_token).to carry_t1_token_data :api_key => api_key
+        expect(layout_class_bearing_token).to carry_t1_token_data :role => default_role
+        expect(layout_class_bearing_token).to carry_t1_token_data :initial_layout_class_list => layout_classes.join(' ')
+        expect(layout_class_bearing_token).to carry_t1_token_data [:nonce, :create_time]
+        expect(layout_class_bearing_token).to carry_valid_t1_token_signature api_secret
+      end
+
+      it "generates tokens with one initial layout class" do
+        layout_class = "focus"
+        layout_class_bearing_token = opentok.generate_token session_id, :initial_layout_class_list => layout_class, :token_type => "T1"
+        expect(layout_class_bearing_token).to be_an_instance_of String
+        expect(layout_class_bearing_token).to carry_t1_token_data :session_id => session_id
+        expect(layout_class_bearing_token).to carry_t1_token_data :api_key => api_key
+        expect(layout_class_bearing_token).to carry_t1_token_data :role => default_role
+        expect(layout_class_bearing_token).to carry_t1_token_data :initial_layout_class_list => layout_class
+        expect(layout_class_bearing_token).to carry_t1_token_data [:nonce, :create_time]
+        expect(layout_class_bearing_token).to carry_valid_t1_token_signature api_secret
+      end
+
+      context "when the role is invalid" do
+        it "raises an error" do
+          expect {  opentok.generate_token session_id, :role => :invalid_role, :token_type => "T1" }.to raise_error
+        end
+      end
     end
 
-    it "generates tokens with initial layout classes" do
-      layout_classes = ["focus", "small"]
-      layout_class_bearing_token = opentok.generate_token session_id, :initial_layout_class_list => layout_classes
-      expect(layout_class_bearing_token).to be_an_instance_of String
-      expect(layout_class_bearing_token).to carry_token_data :session_id => session_id
-      expect(layout_class_bearing_token).to carry_token_data :api_key => api_key
-      expect(layout_class_bearing_token).to carry_token_data :role => default_role
-      expect(layout_class_bearing_token).to carry_token_data :initial_layout_class_list => layout_classes.join(' ')
-      expect(layout_class_bearing_token).to carry_token_data [:nonce, :create_time]
-      expect(layout_class_bearing_token).to carry_valid_token_signature api_secret
+    context "when token type is JWT" do
+      it "generates plain tokens" do
+        plain_token = opentok.generate_token session_id, :token_type => "JWT"
+        expect(plain_token).to be_an_instance_of String
+        expect(plain_token).to carry_jwt_token_data :session_id => session_id
+        expect(plain_token).to carry_jwt_token_data :iss => api_key
+        expect(plain_token).to carry_jwt_token_data :ist => ist
+        expect(plain_token).to carry_jwt_token_data :scope => scope
+        expect(plain_token).to carry_jwt_token_data :role => default_role
+        expect(plain_token).to carry_jwt_token_data [:ist, :iat, :nonce]
+        expect(plain_token).to carry_valid_jwt_token_signature api_secret
+      end
+
+      it "generates tokens with a custom expire time" do
+        expire_time = Time.now + (60*60*24)
+        expiring_token = opentok.generate_token session_id, :expire_time => expire_time, :token_type => "JWT"
+        expect(expiring_token).to be_an_instance_of String
+        expect(expiring_token).to carry_jwt_token_data :session_id => session_id
+        expect(expiring_token).to carry_jwt_token_data :iss => api_key
+        expect(expiring_token).to carry_jwt_token_data :ist => ist
+        expect(expiring_token).to carry_jwt_token_data :scope => scope
+        expect(expiring_token).to carry_jwt_token_data :role => default_role
+        expect(expiring_token).to carry_jwt_token_data :exp => expire_time.to_i
+        expect(expiring_token).to carry_jwt_token_data [:ist, :iat, :nonce]
+        expect(expiring_token).to carry_valid_jwt_token_signature api_secret
+      end
+
+      it "generates tokens with an integer expire time" do
+        expire_time = Time.now.to_i + (60*60*24)
+        expiring_token = opentok.generate_token session_id, :expire_time => expire_time, :token_type => "JWT"
+        expect(expiring_token).to be_an_instance_of String
+        expect(expiring_token).to carry_jwt_token_data :session_id => session_id
+        expect(expiring_token).to carry_jwt_token_data :iss => api_key
+        expect(expiring_token).to carry_jwt_token_data :ist => ist
+        expect(expiring_token).to carry_jwt_token_data :scope => scope
+        expect(expiring_token).to carry_jwt_token_data :role => default_role
+        expect(expiring_token).to carry_jwt_token_data :exp => expire_time
+        expect(expiring_token).to carry_jwt_token_data [:ist, :iat, :nonce]
+        expect(expiring_token).to carry_valid_jwt_token_signature api_secret
+      end
+
+      it "generates tokens with a publisher role" do
+        role = :publisher
+        role_token = opentok.generate_token session_id, :role => role, :token_type => "JWT"
+        expect(role_token).to be_an_instance_of String
+        expect(role_token).to carry_jwt_token_data :session_id => session_id
+        expect(role_token).to carry_jwt_token_data :iss => api_key
+        expect(role_token).to carry_jwt_token_data :ist => ist
+        expect(role_token).to carry_jwt_token_data :scope => scope
+        expect(role_token).to carry_jwt_token_data :role => role
+        expect(role_token).to carry_jwt_token_data [:ist, :iat, :nonce]
+        expect(role_token).to carry_valid_jwt_token_signature api_secret
+      end
+
+      it "generates tokens with a subscriber role" do
+        role = :subscriber
+        role_token = opentok.generate_token session_id, :role => role, :token_type => "JWT"
+        expect(role_token).to be_an_instance_of String
+        expect(role_token).to carry_jwt_token_data :session_id => session_id
+        expect(role_token).to carry_jwt_token_data :iss => api_key
+        expect(role_token).to carry_jwt_token_data :ist => ist
+        expect(role_token).to carry_jwt_token_data :scope => scope
+        expect(role_token).to carry_jwt_token_data :role => role
+        expect(role_token).to carry_jwt_token_data [:ist, :iat, :nonce]
+        expect(role_token).to carry_valid_jwt_token_signature api_secret
+      end
+
+      it "generates tokens with a moderator role" do
+        role = :moderator
+        role_token = opentok.generate_token session_id, :role => role, :token_type => "JWT"
+        expect(role_token).to be_an_instance_of String
+        expect(role_token).to carry_jwt_token_data :session_id => session_id
+        expect(role_token).to carry_jwt_token_data :iss => api_key
+        expect(role_token).to carry_jwt_token_data :ist => ist
+        expect(role_token).to carry_jwt_token_data :scope => scope
+        expect(role_token).to carry_jwt_token_data :role => role
+        expect(role_token).to carry_jwt_token_data [:ist, :iat, :nonce]
+        expect(role_token).to carry_valid_jwt_token_signature api_secret
+      end
+
+      it "generates tokens with a publisheronly role" do
+        role = :publisheronly
+        role_token = opentok.generate_token session_id, :role => role, :token_type => "JWT"
+        expect(role_token).to be_an_instance_of String
+        expect(role_token).to carry_jwt_token_data :session_id => session_id
+        expect(role_token).to carry_jwt_token_data :iss => api_key
+        expect(role_token).to carry_jwt_token_data :ist => ist
+        expect(role_token).to carry_jwt_token_data :scope => scope
+        expect(role_token).to carry_jwt_token_data :role => role
+        expect(role_token).to carry_jwt_token_data [:ist, :iat, :nonce]
+        expect(role_token).to carry_valid_jwt_token_signature api_secret
+      end
+
+      it "generates tokens with data" do
+        data = "name=Johnny"
+        data_bearing_token = opentok.generate_token session_id, :data => data, :token_type => "JWT"
+        expect(data_bearing_token).to be_an_instance_of String
+        expect(data_bearing_token).to carry_jwt_token_data :session_id => session_id
+        expect(data_bearing_token).to carry_jwt_token_data :iss => api_key
+        expect(data_bearing_token).to carry_jwt_token_data :ist => ist
+        expect(data_bearing_token).to carry_jwt_token_data :scope => scope
+        expect(data_bearing_token).to carry_jwt_token_data :role => default_role
+        expect(data_bearing_token).to carry_jwt_token_data :connection_data => data
+        expect(data_bearing_token).to carry_jwt_token_data [:ist, :iat, :nonce]
+        expect(data_bearing_token).to carry_valid_jwt_token_signature api_secret
+      end
+
+      it "generates tokens with initial layout classes" do
+        layout_classes = ["focus", "small"]
+        layout_class_bearing_token = opentok.generate_token session_id, :initial_layout_class_list => layout_classes, :token_type => "JWT"
+        expect(layout_class_bearing_token).to be_an_instance_of String
+        expect(layout_class_bearing_token).to carry_jwt_token_data :session_id => session_id
+        expect(layout_class_bearing_token).to carry_jwt_token_data :iss => api_key
+        expect(layout_class_bearing_token).to carry_jwt_token_data :ist => ist
+        expect(layout_class_bearing_token).to carry_jwt_token_data :scope => scope
+        expect(layout_class_bearing_token).to carry_jwt_token_data :role => default_role
+        expect(layout_class_bearing_token).to carry_jwt_token_data :initial_layout_class_list => layout_classes.join(' ')
+        expect(layout_class_bearing_token).to carry_jwt_token_data [:ist, :iat, :nonce]
+        expect(layout_class_bearing_token).to carry_valid_jwt_token_signature api_secret
+      end
+
+      it "generates tokens with one initial layout class" do
+        layout_class = "focus"
+        layout_class_bearing_token = opentok.generate_token session_id, :initial_layout_class_list => layout_class, :token_type => "JWT"
+        expect(layout_class_bearing_token).to be_an_instance_of String
+        expect(layout_class_bearing_token).to carry_jwt_token_data :session_id => session_id
+        expect(layout_class_bearing_token).to carry_jwt_token_data :iss => api_key
+        expect(layout_class_bearing_token).to carry_jwt_token_data :ist => ist
+        expect(layout_class_bearing_token).to carry_jwt_token_data :scope => scope
+        expect(layout_class_bearing_token).to carry_jwt_token_data :role => default_role
+        expect(layout_class_bearing_token).to carry_jwt_token_data :initial_layout_class_list => layout_class
+        expect(layout_class_bearing_token).to carry_jwt_token_data [:ist, :iat, :nonce]
+        expect(layout_class_bearing_token).to carry_valid_jwt_token_signature api_secret
+      end
+
+      context "when the role is invalid" do
+        it "raises an error" do
+          expect {  opentok.generate_token session_id, :role => :invalid_role, :token_type => "JWT" }.to raise_error
+        end
+      end
     end
 
-    it "generates tokens with one initial layout class" do
-      layout_class = "focus"
-      layout_class_bearing_token = opentok.generate_token session_id, :initial_layout_class_list => layout_class
-      expect(layout_class_bearing_token).to be_an_instance_of String
-      expect(layout_class_bearing_token).to carry_token_data :session_id => session_id
-      expect(layout_class_bearing_token).to carry_token_data :api_key => api_key
-      expect(layout_class_bearing_token).to carry_token_data :role => default_role
-      expect(layout_class_bearing_token).to carry_token_data :initial_layout_class_list => layout_class
-      expect(layout_class_bearing_token).to carry_token_data [:nonce, :create_time]
-      expect(layout_class_bearing_token).to carry_valid_token_signature api_secret
+    context "when token type is not specified" do
+      it "generates a JWT token by default" do
+        default_token = opentok.generate_token session_id
+        expect(default_token).to be_an_instance_of String
+        expect(default_token).to carry_valid_jwt_token_signature api_secret
+      end
     end
 
+    context "when token type is invalid" do
+      it "raises an error" do
+        expect {  opentok.generate_token session_id, :token_type => "invalid_token_type" }.to raise_error
+      end
+    end
 
     # TODO a context about using a bad session_id
   end

data/spec/shared/session_generates_tokens.rb

@@ -15,52 +15,124 @@ shared_examples "session generates tokens" do
     let(:api_secret) { "1234567890abcdef1234567890abcdef1234567890" }
     let(:session_id) { "1_MX4xMjM0NTZ-flNhdCBNYXIgMTUgMTQ6NDI6MjMgUERUIDIwMTR-MC40OTAxMzAyNX4" }
     let(:default_role) { :publisher }
+    let(:ist) { "project" }
+    let(:scope) { "session.connect" }
 
-    it "generates plain tokens" do
-      plain_token = session.generate_token
-      expect(plain_token).to be_an_instance_of String
-      expect(plain_token).to carry_token_data :session_id => session_id
-      expect(plain_token).to carry_token_data :api_key => api_key
-      expect(plain_token).to carry_token_data :role => default_role
-      expect(plain_token).to carry_token_data [:nonce, :create_time]
-      expect(plain_token).to carry_valid_token_signature api_secret
-    end
+    context "when token type is T1" do
+      it "generates plain tokens" do
+        plain_token = session.generate_token :token_type => "T1"
+        expect(plain_token).to be_an_instance_of String
+        expect(plain_token).to carry_t1_token_data :session_id => session_id
+        expect(plain_token).to carry_t1_token_data :api_key => api_key
+        expect(plain_token).to carry_t1_token_data :role => default_role
+        expect(plain_token).to carry_t1_token_data [:nonce, :create_time]
+        expect(plain_token).to carry_valid_t1_token_signature api_secret
+      end
+
+      it "generates tokens with an expire time" do
+        expire_time = Time.now + (60*60*24)
+        expiring_token = session.generate_token :expire_time => expire_time, :token_type => "T1"
+        expect(expiring_token).to be_an_instance_of String
+        expect(expiring_token).to carry_t1_token_data :session_id => session_id
+        expect(expiring_token).to carry_t1_token_data :api_key => api_key
+        expect(expiring_token).to carry_t1_token_data :role => default_role
+        expect(expiring_token).to carry_t1_token_data :expire_time => expire_time.to_i
+        expect(expiring_token).to carry_t1_token_data [:nonce, :create_time]
+        expect(expiring_token).to carry_valid_t1_token_signature api_secret
+      end
 
-    it "generates tokens with an expire time" do
-      expire_time = Time.now + (60*60*24)
-      expiring_token = session.generate_token :expire_time => expire_time
-      expect(expiring_token).to be_an_instance_of String
-      expect(expiring_token).to carry_token_data :session_id => session_id
-      expect(expiring_token).to carry_token_data :api_key => api_key
-      expect(expiring_token).to carry_token_data :role => default_role
-      expect(expiring_token).to carry_token_data :expire_time => expire_time.to_i
-      expect(expiring_token).to carry_token_data [:nonce, :create_time]
-      expect(expiring_token).to carry_valid_token_signature api_secret
+      it "generates tokens with a role" do
+        role = :moderator
+        role_token = session.generate_token :role => role, :token_type => "T1"
+        expect(role_token).to be_an_instance_of String
+        expect(role_token).to carry_t1_token_data :session_id => session_id
+        expect(role_token).to carry_t1_token_data :api_key => api_key
+        expect(role_token).to carry_t1_token_data :role => role
+        expect(role_token).to carry_t1_token_data [:nonce, :create_time]
+        expect(role_token).to carry_valid_t1_token_signature api_secret
+      end
+
+      it "generates tokens with data" do
+        data = "name=Johnny"
+        data_bearing_token = session.generate_token :data => data, :token_type => "T1"
+        expect(data_bearing_token).to be_an_instance_of String
+        expect(data_bearing_token).to carry_t1_token_data :session_id => session_id
+        expect(data_bearing_token).to carry_t1_token_data :api_key => api_key
+        expect(data_bearing_token).to carry_t1_token_data :role => default_role
+        expect(data_bearing_token).to carry_t1_token_data :data => data
+        expect(data_bearing_token).to carry_t1_token_data [:nonce, :create_time]
+        expect(data_bearing_token).to carry_valid_t1_token_signature api_secret
+      end
     end
 
-    it "generates tokens with a role" do
-      role = :moderator
-      role_token = session.generate_token :role => role
-      expect(role_token).to be_an_instance_of String
-      expect(role_token).to carry_token_data :session_id => session_id
-      expect(role_token).to carry_token_data :api_key => api_key
-      expect(role_token).to carry_token_data :role => role
-      expect(role_token).to carry_token_data [:nonce, :create_time]
-      expect(role_token).to carry_valid_token_signature api_secret
+    context "when token type is JWT" do
+      it "generates plain tokens" do
+        plain_token = session.generate_token :token_type => "JWT"
+        expect(plain_token).to be_an_instance_of String
+        expect(plain_token).to carry_jwt_token_data :session_id => session_id
+        expect(plain_token).to carry_jwt_token_data :iss => api_key
+        expect(plain_token).to carry_jwt_token_data :ist => ist
+        expect(plain_token).to carry_jwt_token_data :scope => scope
+        expect(plain_token).to carry_jwt_token_data :role => default_role
+        expect(plain_token).to carry_jwt_token_data [:ist, :iat, :nonce]
+        expect(plain_token).to carry_valid_jwt_token_signature api_secret
+      end
+
+      it "generates tokens with a custom expire time" do
+        expire_time = Time.now + (60*60*24)
+        expiring_token = session.generate_token :expire_time => expire_time, :token_type => "JWT"
+        expect(expiring_token).to be_an_instance_of String
+        expect(expiring_token).to carry_jwt_token_data :session_id => session_id
+        expect(expiring_token).to carry_jwt_token_data :iss => api_key
+        expect(expiring_token).to carry_jwt_token_data :ist => ist
+        expect(expiring_token).to carry_jwt_token_data :scope => scope
+        expect(expiring_token).to carry_jwt_token_data :role => default_role
+        expect(expiring_token).to carry_jwt_token_data :exp => expire_time.to_i
+        expect(expiring_token).to carry_jwt_token_data [:ist, :iat, :nonce]
+        expect(expiring_token).to carry_valid_jwt_token_signature api_secret
+      end
+
+      it "generates tokens with a non-default role" do
+        role = :moderator
+        role_token = session.generate_token :role => role, :token_type => "JWT"
+        expect(role_token).to be_an_instance_of String
+        expect(role_token).to carry_jwt_token_data :session_id => session_id
+        expect(role_token).to carry_jwt_token_data :iss => api_key
+        expect(role_token).to carry_jwt_token_data :ist => ist
+        expect(role_token).to carry_jwt_token_data :scope => scope
+        expect(role_token).to carry_jwt_token_data :role => role
+        expect(role_token).to carry_jwt_token_data [:ist, :iat, :nonce]
+        expect(role_token).to carry_valid_jwt_token_signature api_secret
+      end
+
+      it "generates tokens with data" do
+        data = "name=Johnny"
+        data_bearing_token = session.generate_token :data => data, :token_type => "JWT"
+        expect(data_bearing_token).to be_an_instance_of String
+        expect(data_bearing_token).to carry_jwt_token_data :session_id => session_id
+        expect(data_bearing_token).to carry_jwt_token_data :iss => api_key
+        expect(data_bearing_token).to carry_jwt_token_data :ist => ist
+        expect(data_bearing_token).to carry_jwt_token_data :scope => scope
+        expect(data_bearing_token).to carry_jwt_token_data :role => default_role
+        expect(data_bearing_token).to carry_jwt_token_data :connection_data => data
+        expect(data_bearing_token).to carry_jwt_token_data [:ist, :iat, :nonce]
+        expect(data_bearing_token).to carry_valid_jwt_token_signature api_secret
+      end
     end
 
-    it "generates tokens with data" do
-      data = "name=Johnny"
-      data_bearing_token = session.generate_token :data => data
-      expect(data_bearing_token).to be_an_instance_of String
-      expect(data_bearing_token).to carry_token_data :session_id => session_id
-      expect(data_bearing_token).to carry_token_data :api_key => api_key
-      expect(data_bearing_token).to carry_token_data :role => default_role
-      expect(data_bearing_token).to carry_token_data :data => data
-      expect(data_bearing_token).to carry_token_data [:nonce, :create_time]
-      expect(data_bearing_token).to carry_valid_token_signature api_secret
+    context "when token type is not specified" do
+      it "generates a JWT token by default" do
+        default_token = session.generate_token
+        expect(default_token).to be_an_instance_of String
+        expect(default_token).to carry_valid_jwt_token_signature api_secret
+      end
     end
 
+    context "when token type is invalid" do
+      it "raises an error" do
+        expect {  session.generate_token :token_type => "invalid_token_type" }.to raise_error
+      end
+    end
 
     # TODO a context about using a bad session_id
   end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: opentok
 version: !ruby/object:Gem::Version
-  version: 4.8.1
+  version: 4.11.0
 platform: ruby
 authors:
 - Stijn Mathysen
@@ -12,7 +12,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2024-01-03 00:00:00.000000000 Z
+date: 2025-02-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -355,7 +355,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.5.3
+rubygems_version: 3.5.4
 signing_key: 
 specification_version: 4
 summary: Ruby gem for the OpenTok API