'IVS Token Authorisation

I hope I explain a bit clearly with the problems I'm having. I used this guide ( https://catalog.us-east-1.prod.workshops.aws/v2/workshops/022adf04-0ff9-49af-848f-993e42575540/en-US/playauth) to generate a playback token , and after reading and following this entire guide, I was able to successfully generate a token.

"statusCode": 200,
  "body": "{\"token\":\"eyJhbGciOiJFUzM4NCIsInR5cCI6IkpXVCJ9.xxxxxxxxxxxxxxxxxxxxxxm4iOiJhcm46YXdzOml2czpldS13ZXN0LTE6MDgxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxOmFjY2Vzcy1jb250cm9sLWFsbG93LW9yaWdpbiI6Imh0dHBzOi8vd3d3LmZvb3R5LnRvIiwiaWF0IjoxNjQ0MzUyMjI2LCJleHAiOjE2NDY5NDQyMjZ9.EQ1tnLU5uQhxnkVjJvrOo_z1Jlf4w0yMuhgWtB8ZBf_NKgWJCcMmToKia8u1xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\"}",
  "headers": {
    "Access-Control-Allow-Origin": "https://www.xxxxxx.com"
  }
}

I put this token behind the stream url and everything works as it should work;

https://247dfhj3e56u467.us-xxxx-1.playback.live-video.net/api/video/v1/us-east-1.08xxxxxx06.channel.GpxxxxxxxxxxwA.m3u8?token=eyJhbGciOiJFUzM4NCIsInR5cCI6IkpXVCJ9.xxxxxxxxxxxxxxxxxxxxxxm4iOiJhcm46YXdzOml2czpldS13ZXN0LTE6MDgxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxOmFjY2Vzcy1jb250cm9sLWFsbG93LW9yaWdpbiI6Imh0dHBzOi8vd3d3LmZvb3R5LnRvIiwiaWF0IjoxNjQ0MzUyMjI2LCJleHAiOjE2NDY5NDQyMjZ9.EQ1tnLU5uQhxnkVjJvrOo_z1Jlf4w0yMuhgWtB8ZBf_NKgWJCcMmToKia8u1xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

This token only works on my domain, and when I use it on my other domain I get a CORS error because it only works on the domain I specified in the lambda function.

So so far the token generator works...

But guess what, as soon as there are people who can take the stream link through the source code, say use this link in VLC or any other m3u8 player, even some hls/m3u8 browser extensions in chrome can play it effortlessly.

My question to you is as follows;

  • Am I using the given token correctly?
  • Is there perhaps a lambda function script (json) that no longer enables these playback options?
  • Or can I solve this in another way so that the stream can only be played on my domain and not on a VLC player or browser extension.

Hopefully someone has a solution for this, because in this way the function of the token generator is not really valuable.

Sincerely.

authenticationaws-lambda


Solution 1:[1]

  • Your use case seems correct.
  • Unfortunately, it's difficult to revoke the JWT token once you created. There is a property of expire time. Default value is 2 days in index.js and you can set shorter in case.
  • If I'd do, I'd integrate with some other systems like Cognito or IP based security groups.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 shimo

Related Questions

Terraform update Route53 DOMAIN NameServers

Terraform update Route53 DOMAIN NameServers

Terraform update Route53 DOMAIN NameServers

Amazon AWS S3 to Force Download Mp3 File instead of Stream It

How to enable terraform module only with a specific workspace

AWS RDS Postgres: WAL_LEVEL not set to 'logical' after changing rds.logical_replication = 1

Use terraform to set up a lambda function triggered by a scheduled event source

Use terraform to set up a lambda function triggered by a scheduled event source

Self stopping EC2 once task complete?

AWS - SWF - Asynchronous method

Why my cloudformation template is over 1 MB?

AWS elastic beanstalk - WARN install EACCES: permission denied, access '/tmp/.npm'

Aws step functions - Resume from failed step function activity instead of starting a new execution

Redirect Elastic Beanstalk URL to domain name

node-lambda - TypeError: handler is not a function