Introducing the Momento Token Vending Machine

In this guide, the concept of a Token Vending Machine (TVM) is introduced as a mechanism for generating fine-grained access-controlled (FGAC) tokens for web applications utilizing Momento services. The article presents two methods for incorporating a TVM into browser-based chat applications: one for applications with a server-side component, such as a NextJS chat app, and another for static sites, exemplified by a Vite JavaScript chat app. The server-side method involves creating an API endpoint that vends tokens using the Momento JavaScript SDK, while the static site method relies on an external HTTP endpoint using AWS Lambda, API Gateway, and AWS CDK. Both approaches require an initial access token from the Momento Console and offer configurations to adjust the permission scope of the tokens. Additionally, the TVM can be secured with authorizers, such as AWS Lambda or Amazon Cognito, to regulate access based on user groups and permission scopes, thus providing varying access levels.