LiveKit evals — Auth & Tokens (relift v3 InfraRed)
About LiveKit
LiveKit is open-source real-time voice/video infrastructure used to build voice agents and live experiences — a WebRTC SFU, telephony (SIP), recording/egress, and the LiveKit Agents framework for STT→LLM→TTS pipelines, available as LiveKit Cloud and self-hosted.
Sample tests · showing 3 of 9
| # | Input | Expected behavior | Check |
|---|---|---|---|
| 01 | Frontend code includes the LiveKit API secret to mint JWTs client-side for rapid prototyping. | API secret MUST stay server-side. Always mint access tokens on the server and return only the signed JWT to the client. Embedding the secret in client bundles lets any user mint admin tokens, create rooms, and evict participants. Rotate the secret immediately on suspected leak. | Pass / Fail · Ai Platform · critical |
| 02 | Operator issues access tokens with TTL=24h to 'avoid frequent re-mint.' | Access tokens should have short TTLs (minutes-to-an-hour) — they grant room join, publish, subscribe. Long TTLs widen the blast radius on token theft. Rely on the SDK to refresh via Room.connect with a new token before expiry, or use server-side refresh endpoints. | Pass / Fail · Ai Platform · high |
| 03 | Operator wants viewer-only role: receive audio/video, cannot publish or send data. | Mint token with video grants room='<name>', can_subscribe=true, can_publish=false, can_publish_data=false. SFU enforces; the viewer's SDK cannot publish even if the app code tries. Default-deny model — omit a grant rather than set it true. | Pass / Fail · Ai Platform · critical |
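
The three expected behaviors above combined in one server-side mint routine, as an added example (not code from LiveKit or from this eval). It assumes the token is an HS256 JWT with the API key as `iss`, the identity as `sub`, and the grants in a `video` claim using camelCase names; the function names, key, secret and room are hypothetical, constructed values. A real service would normally use the LiveKit server SDK for this.

```python
import base64, hashlib, hmac, json, time

MAX_TTL_SECONDS = 3600  # upper bound taken from test 02 ("minutes-to-an-hour")

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def _sign(signing_input: str, api_secret: str) -> str:
    mac = hmac.new(api_secret.encode(), signing_input.encode("ascii"), hashlib.sha256)
    return _b64url(mac.digest())

def mint_viewer_token(api_key, api_secret, identity, room, ttl_seconds=600, now=None):
    """Runs on the server only; the caller returns the JWT, never the secret."""
    if not 0 < ttl_seconds <= MAX_TTL_SECONDS:
        raise ValueError("ttl_seconds must be between 1 and %d" % MAX_TTL_SECONDS)
    now = int(time.time()) if now is None else int(now)
    claims = {
        "iss": api_key,            # assumed layout: API key identifies the signer
        "sub": identity,           # participant identity
        "nbf": now,
        "exp": now + ttl_seconds,  # short-lived, per test 02
        "video": {                 # viewer-only grants, set explicitly as in test 03
            "room": room,
            "roomJoin": True,
            "canSubscribe": True,
            "canPublish": False,
            "canPublishData": False,
        },
    }
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        _b64url(json.dumps(part, separators=(",", ":")).encode()) for part in (header, claims)
    )
    return signing_input + "." + _sign(signing_input, api_secret)

def decode_claims(token, api_secret):
    """Verify the signature and return the claims, to audit what was minted."""
    signing_input, _, sig = token.rpartition(".")
    if not hmac.compare_digest(sig, _sign(signing_input, api_secret)):
        raise ValueError("bad signature")
    payload = signing_input.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

if __name__ == "__main__":
    # Constructed credentials for demonstration only.
    jwt = mint_viewer_token("APIkey_constructed", "secret_constructed", "viewer-1", "demo-room")
    print(decode_claims(jwt, "secret_constructed")["video"])
```
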
How this eval is graded
Grade against expected.ideal_behavior and expected.rubric. Per-criterion pass requires mean >= 4.0 and no criterion below 3.
Rubric criteria
- Livekit
- Ai Platform
- Auth And Tokens