Scripts2026年5月11日·1 分钟阅读

LiveKit Token Server — Sign JWTs for Room Access

Server-side token signing for LiveKit rooms. Python/Node SDKs. Per-user permissions, room scoping, TTL. Required for production.

LiveKit
LiveKit · Community
Agent 就绪

这个资产可以被 Agent 直接读取和安装

TokRepo 同时提供通用 CLI 命令、安装契约、metadata JSON、按适配器生成的安装计划和原始内容链接,方便 Agent 判断适配度、风险和下一步动作。

Stage only · 17/100Stage only
Agent 入口
任意 MCP/CLI Agent
类型
Skill
安装
Stage only
信任
信任等级:New
入口
Asset
通用 CLI 安装命令
npx tokrepo install 793c4a17-cd72-40f3-aba5-9cb0f5957f1d
安装契约元数据 JSON适配计划原始内容

简介

LiveKit room 要签名 JWT 访问 token —— 后端用 API key + secret 签 token,授权某个身份以指定权限(publish / subscribe / record / data)加入指定 room。绝对不要在浏览器里签。这是 Python 和 Node 服务端流程。适合任何生产 LiveKit 部署、多租户语音应用、按用户的权限模型。兼容 livekit-server-sdk(Python / Node / Go / Ruby / Java)。装机时间 10 分钟。

Python token endpoint(FastAPI)

from livekit import api
from fastapi import FastAPI, HTTPException, Depends
import os

app = FastAPI()

@app.post("/livekit/token")
async def issue_token(user_id: str, room: str, user = Depends(authenticated_user)):
    if not can_join_room(user, room):
        raise HTTPException(403, "无权进入该 room")

    token = (
        api.AccessToken(os.environ["LIVEKIT_API_KEY"], os.environ["LIVEKIT_API_SECRET"])
        .with_identity(user_id)
        .with_name(user.display_name)
        .with_grants(api.VideoGrants(
            room_join=True,
            room=room,
            can_publish=True,
            can_subscribe=True,
            can_publish_data=True,
        ))
        .with_ttl(timedelta(hours=1))
        .to_jwt()
    )
    return {"token": token, "url": os.environ["LIVEKIT_URL"]}

Node token endpoint(Express)

import { AccessToken } from 'livekit-server-sdk';

app.post('/livekit/token', requireAuth, async (req, res) => {
  const { userId, room } = req.body;
  if (!canJoinRoom(req.user, room)) return res.status(403).send();

  const at = new AccessToken(process.env.LIVEKIT_API_KEY, process.env.LIVEKIT_API_SECRET, {
    identity: userId,
    name: req.user.displayName,
    ttl: '1h',
  });
  at.addGrant({
    roomJoin: true,
    room,
    canPublish: true,
    canSubscribe: true,
    canPublishData: true,
  });

  res.json({ token: await at.toJwt(), url: process.env.LIVEKIT_URL });
});

Grant cheat sheet

Grant 用例
room_join 任何参与者必备
can_publish 参与者可发布音视频
can_subscribe 参与者可听/看他人
can_publish_data 通过 DataChannel 发任意聊天/状态
room_admin 可静音、移除参与者
room_record 可启动 egress 录制
ingress_admin 管理 SIP / RTMP ingress

生产加固

  • 短 TTL —— 终端用户 token 最多 1 小时。浏览器通过 endpoint 续签。
  • 按用户 identity —— 别复用 identity。user_id 应是 DB 主键。
  • 仅服务端 —— 不打 secret 日志、绝不把 API_SECRET 发到浏览器。
  • 缓存 SDK —— 实例化一次,签多次复用。

FAQ

Q: 能在浏览器签 token 吗? A: 不能 —— API_SECRET 会暴露。永远在后端签。浏览器只见结果 JWT,TTL 受限、grant 限定。

Q: agent 怎么拿自己的 token? A: agent 同样认证 —— worker 进程签 agent 身份 token(带 agent=True grant)再加入 room。LiveKit Cloud agent 调度器在你用 LiveKit CLI 部署时自动处理。

Q: participant join/leave 的 webhook 呢? A: 在 cloud.livekit.io → Webhooks 配置。事件:room_started / participant_joined / participant_left / track_published / egress_started。服务端验 X-LiveKit-Signature header。

🙏

来源与感谢

Built by LiveKit. Licensed under Apache-2.0.

livekit/python-sdks, livekit/server-sdk-js

讨论

登录后参与讨论。
还没有评论,来写第一条吧。

相关资产

LiveKit Agents — Python Framework for Voice AI

LiveKit Agents is a Python framework for real-time voice AI. Pluggable STT/LLM/TTS, VAD, barge-in. Run on LiveKit Cloud or self-host.

Scripts
LiveKit

LiveKit Plugin Architecture — Swap STT/LLM/TTS Providers

LiveKit Agents plugin system lets you swap any STT/LLM/TTS provider with one line. Mid-call switch, fallback chain, per-room routing.

Skills
LiveKit

LiveKit Agents — Build Real-Time Voice AI Agents

Framework for building real-time voice AI agents. STT, LLM, TTS pipeline with sub-second latency. Supports OpenAI, Anthropic, Deepgram, ElevenLabs. 9.9K+ stars.

Scripts
LiveKit

Ory Oathkeeper — Cloud Native Identity & Access Proxy

Ory Oathkeeper is an open source Identity and Access Proxy that authenticates, authorizes, and mutates incoming HTTP requests before forwarding them to upstream services, acting as a zero trust gateway.

Scripts
Script Depot
首页🔍搜索👤我的