Token Protected Streams
-
URL-Appended Token Authorization (Edge token).
-
How to Handle the authorize Event.
-
How to provide a token upfront.
-
Renewing the authorization token.
URL-Appended Token Authorization or Edge token
In scenarios when renewing the authorization token might not be necesary or will be handled manually, the authorization token can be passed along the stream url.
http://my-stream-url.m3u8?hdnea=exp=1234567890~acl=/*~hmac=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
https://my-stream-url.m3u8?hdnts=st=0123456789~exp=1234567890~acl=/*~hmac=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Handling the Authorize Event
In scenarios when the stream can’t be authorized by including the authotization token in the URL, the autorization token can be provided by handling the authorize
event. To do so, first, the akamai.amp.Media object must include a status object with state blocked.
The next example shows both the configuration changes required and how to handle the authorize event.
var config = {
media: {
src: "http://url-of-stream-without-token-appended"
status: {
// this tells the player the media needs to be authorized
state: "blocked"
}
}
};
akamai.amp.AMP.create("akamai-media-player", config).then(function (amp) {
amp.addEventListener("authorize", function () {
// do token generation / retrieval
amp.authorize({
token: "TOKEN_STRING"
});
});
});
Providing an Authorization Token Upfront
If the authorization needs to be provided upfront, the akamai.amp.Media object must include an akamai.amp.Authorization object. The authorization object should include the token.
var config = {
media: {
src: "http://url-of-stream-without-token-appended"
authorization: {
token: "TOKEN_STRING"
}
}
};
akamai.amp.AMP.create("akamai-media-player", config);
Renewing the authorization token
It is common that the authorization tokens are invalidated after a defined period of time when working with protected streams. This happens to ensure that only the intended receivers have access to the stream. In these scenarios, the expiration attribute can be included in the akamai.amp.Authorization object. This way the player will fire the authorize event at the given time.
var config = {
media: {
src: "http://url-of-stream-without-token-appended"
authorization: {
token: "TOKEN_STRING",
// optional timestamp. If provided the player will fire the
// "authorize" event when expiration has occurred
expiration: 1479319024356
}
}
};
akamai.amp.AMP.create("akamai-media-player", config);
In cases where the expiration is not known, amp.authorize()
can be called at any time and the player will use the latest authorization
block when reattaching the stream.