LiveKit docs › Building Frontends › Authentication › Overview

---

# Authentication

> How to manage and use tokens to authenticate your frontend app

## Overview

Your frontend app uses a JWT access token to authenticate with LiveKit and specify which agent to dispatch. Generating a token requires API keys so it must be created on a backend server, sent to the frontend, and then provided to the session for connection.  To simplify this process, the session API utilizes a `TokenSource` abstraction that handles the details for you. The SDKs ship with a few different types of `TokenSource` to make it easy to get started and move to production.

### TokenSource

`TokenSource` abstracts away token fetching, caching, and refreshing, and integrates with [Session](https://docs.livekit.io/frontends/build/sessions.md) for automatic room connection and agent dispatch. The following types of `TokenSource` are available:

| Type | Description |
| **Token server** | LiveKit Cloud generates tokens for you, which is useful for development and testing but insecure in production. |
| **Endpoint** | Provide a standardized token endpoint on your own backend, with your own authentication headers, and let LiveKit manage the token lifecycle. |
| **Custom** | Provide your own custom asynchronous token generation mechanism. |
| **Literal** | Directly provide tokens that you have generated and fetched yourself. |

For lower-level control, you can generate tokens manually and use `Room.connect` directly. See [Tokens & grants](https://docs.livekit.io/frontends/reference/tokens-grants.md) for more information on token generation.

### Authentication flow

Authentication has three main steps:

1. **Token generation**: Your backend or the LiveKit Cloud token server generates a JWT token that includes agent dispatch information.
2. **Frontend connection**: Your frontend uses the token to connect to a LiveKit room. With `Session`, this happens automatically -- `TokenSource` fetches the token and `Session` handles the connection.
3. **Agent dispatch**: LiveKit reads the agent dispatch information and assigns the specified agent to the room.

The diagram below shows the different paths you can take for token generation, and how they fit into the flow:

```mermaid
flowchart TD
Start([Frontend App]) --> Choose{Choose token<br/>generation method}Choose -->|Development| Sandbox[Token Server<br/>LiveKit Cloud]
Choose -->|Production| Endpoint[Your Token Endpoint<br/>Standardized format]
Choose -->|Production| Custom[Custom <br/>Existing infrastructure]
Choose -->|Manual| Manual[Generate tokens<br/>yourself]Sandbox --> TokenSourceAPI[]
Endpoint --> TokenSourceAPI
Custom --> TokenSourceAPI
Manual --> Direct[Room.connect<br/>Direct connection]TokenSourceAPI --> Token[Get JWT Token<br/>with agent dispatch]
Direct --> TokenToken --> Connect[Connect to<br/>LiveKit Room]
Connect --> Agent[Agent joins<br/>and starts conversation]
```

## Choose a workflow

Pick a token generation approach based on where you are in development.

### Development workflow

Use LiveKit Cloud's token server for quick development and testing. No backend code needed. Your frontend uses a token server `TokenSource`.

- **[Token server](https://docs.livekit.io/frontends/build/authentication/sandbox-token-server.md)**: Get detailed setup instructions and frontend code examples for all platforms.

### Production workflow

For production, build a standardized token endpoint or use your existing token generation infrastructure with a custom `TokenSource`.

#### Token endpoints

Build your own token endpoint for production use. Your backend generates tokens that include agent dispatch, and your frontend uses an endpoint `TokenSource`.

- **[Token endpoints](https://docs.livekit.io/frontends/build/authentication/endpoint.md)**: Get the endpoint format, implementation guide, and production-ready backend examples.

#### Custom token generation

If you already have a token generation mechanism, use a custom `TokenSource` to integrate it with `Session`. You get token caching and automatic refreshing while using your existing infrastructure.

- **[Custom token generation](https://docs.livekit.io/frontends/build/authentication/custom.md)**: Learn how to integrate your existing token generation with Session APIs.

### Alternative: Manual token generation

If you prefer to generate tokens yourself and use `Room.connect` directly, you skip `Session` entirely and handle room connection and agent lifecycle yourself. You must include agent dispatch information when you create the token.

- **[Tokens & grants](https://docs.livekit.io/frontends/reference/tokens-grants.md)**: Learn about token structure, grants, permissions, and how to create tokens manually.

---

This document was rendered at 2026-06-07T11:33:13.892Z.
For the latest version of this document, see [https://docs.livekit.io/frontends/build/authentication.md](https://docs.livekit.io/frontends/build/authentication.md).

To explore all LiveKit documentation, see [llms.txt](https://docs.livekit.io/llms.txt).