remove agent token (#1077)

* remove agent token

* Create cyan-coins-judge.md

.changeset/cyan-coins-judge.md

@@ -0,0 +1,5 @@
+---
+"@livekit/protocol": patch
+---
+
+remove agent token

agent/token.go

@@ -1,15 +1,8 @@
 package agent
 
 import (
-	"bytes"
-	"crypto/sha256"
-	"encoding/base64"
-	"fmt"
 	"time"
 
-	"github.com/go-jose/go-jose/v3"
-	"github.com/go-jose/go-jose/v3/jwt"
-
 	"github.com/livekit/protocol/auth"
 	"github.com/livekit/protocol/livekit"
 )
@@ -42,86 +35,3 @@ func BuildAgentToken(
 
 	return at.ToJWT()
 }
-
-type WorkerTokenConfig struct {
-	Keys    string        `yaml:"secret,omitempty"`
-	Timeout time.Duration `yaml:"timeout,omitempty"`
-}
-
-var DefaultWorkerTokenConfig = WorkerTokenConfig{
-	Timeout: 60 * time.Minute,
-}
-
-type WorkerClaims struct {
-	jwt.Claims
-}
-
-type WorkerTokenProvider struct {
-	nodeID  livekit.NodeID
-	keySet  jose.JSONWebKeySet
-	timeout time.Duration
-}
-
-func NewWorkerTokenProvider(nodeID livekit.NodeID, config WorkerTokenConfig) *WorkerTokenProvider {
-	var keySet jose.JSONWebKeySet
-	keys := bytes.Split([]byte(config.Keys), []byte(","))
-	for i := range keys {
-		key := bytes.TrimSpace(keys[i])
-		id := sha256.Sum256(key)
-		keySet.Keys = append(keySet.Keys, jose.JSONWebKey{
-			Key:       key,
-			KeyID:     base64.RawStdEncoding.EncodeToString(id[:8]),
-			Algorithm: string(jose.HS256),
-			Use:       "sig",
-		})
-	}
-
-	return &WorkerTokenProvider{
-		nodeID:  nodeID,
-		keySet:  keySet,
-		timeout: config.Timeout,
-	}
-}
-
-func (t *WorkerTokenProvider) Encode(claims WorkerClaims) (string, error) {
-	opts := &jose.SignerOptions{}
-	opts.WithType("JWT")
-	opts.WithHeader("kid", t.keySet.Keys[0].KeyID)
-
-	signer, err := jose.NewSigner(jose.SigningKey{
-		Algorithm: jose.HS256,
-		Key:       t.keySet.Keys[0],
-	}, opts)
-	if err != nil {
-		return "", fmt.Errorf("failed to create signer: %w", err)
-	}
-
-	now := time.Now()
-
-	claims.Issuer = string(t.nodeID)
-	claims.Expiry = jwt.NewNumericDate(now.Add(t.timeout))
-	claims.NotBefore = jwt.NewNumericDate(now)
-	claims.IssuedAt = jwt.NewNumericDate(now)
-
-	token, err := jwt.Signed(signer).Claims(claims).CompactSerialize()
-	if err != nil {
-		return "", fmt.Errorf("failed to create signed jwt: %w", err)
-	}
-	return token, nil
-}
-
-func (t *WorkerTokenProvider) Decode(token string) (*WorkerClaims, error) {
-	tok, err := jwt.ParseSigned(token)
-	if err != nil {
-		return nil, err
-	}
-
-	claims := &WorkerClaims{}
-	if err := tok.Claims(t.keySet, &claims); err != nil {
-		return nil, err
-	}
-	if err := claims.Validate(jwt.Expected{Time: time.Now()}); err != nil {
-		return nil, err
-	}
-	return claims, nil
-}

agent/token_test.go

@@ -1,60 +0,0 @@
-package agent
-
-import (
-	"testing"
-	"time"
-
-	"github.com/go-jose/go-jose/v3/jwt"
-	"github.com/stretchr/testify/require"
-
-	"github.com/livekit/protocol/livekit"
-	"github.com/livekit/protocol/utils/guid"
-)
-
-func TestToken(t *testing.T) {
-	cases := []struct {
-		label        string
-		keys0, keys1 string
-		success      bool
-	}{
-		{"one key", "foo", "foo", true},
-		{"one of key set", "foo", "foo,bar", true},
-		{"invalid key", "foo", "bar", false},
-	}
-
-	for _, c := range cases {
-		t.Run(c.label, func(t *testing.T) {
-			wt0 := NewWorkerTokenProvider(
-				livekit.NodeID(guid.New(guid.NodePrefix)),
-				WorkerTokenConfig{
-					Keys:    c.keys0,
-					Timeout: time.Hour,
-				},
-			)
-
-			workerID := guid.New(guid.AgentWorkerPrefix)
-			token, err := wt0.Encode(WorkerClaims{
-				Claims: jwt.Claims{
-					Subject: workerID,
-				},
-			})
-			require.NoError(t, err)
-
-			wt1 := NewWorkerTokenProvider(
-				livekit.NodeID(guid.New(guid.NodePrefix)),
-				WorkerTokenConfig{
-					Keys:    c.keys1,
-					Timeout: time.Hour,
-				},
-			)
-
-			claims, err := wt1.Decode(token)
-			if c.success {
-				require.NoError(t, err)
-				require.Equal(t, workerID, claims.Subject)
-			} else {
-				require.Error(t, err)
-			}
-		})
-	}
-}