Using Token Authorization
To enable Token Authorization protection for your player and content, do the following.
- Create a configuration and a stream with Token Authorization enabled (see Create a configuration).
- Inform your Account Representative that you wish to activate Token Authorization protection for your network for the Adobe Flash Platform content. This ensures that the server side is correctly configured.
- Your Account Representative will provide you sample server-side scripts that you run to generate a token service. These scripts are available in all the common server-side languages (ASP, Perl, PHP, and Oracle® Java® languages). There will be a shared secret (and an optional salt) that both Media Services Live and your service code share.
- The service should apply whatever business logic your application needs to validate a specific user. For example, it could require a session cookie to be present in the request, which indicates that the user is authenticated in a portal or login gateway. It could also carry an explicit token that you hand to the player upon instantiation. You can filter by IP address if you want to authorize use solely within a company LAN.
After the Web service is built, you must
create an ActionScript class that calls it. This class must implement the
ITokenServiceinterface. This interface requires the class to offer up a
requestTokenizedURL()method, which the
HDNetStreamclass uses to request a tokenized URL and then two callback functions to call on both success and error.
In your player, you set the
In the player, you also instantiate an
instance of this
TokenServiceclass and register it with the
HDNetStreamprior to the calling
play(). This registration is done by setting the tokenService property to the token service instance you just created.
The first time you call
play()for an asset, the
HDNetStreamclass generates the exact URL request and then calls the
requestTokenizedURL()method on your token service. Your token service class calls your token service and receives a token. If it is successful, it calls back the
callBackFunctionOnSuccessfunction that the
HDNetStreamdefined. If it has a problem, then it calls back the
Assuming success, the
HDNetStreamclass hands the Token Authorization token to the Edge server. If that token is validated, playback continues indefinitely. If the token is rejected, the Edge server disconnects the delivery session immediately.Token Authorization has this construct because authorization tokens might be required at any time during playback, not only at the beginning. This is because the Edge server has a short timeout period of only 120 seconds. If you pause the player for more than 120 seconds, the HTTP connection times out. The
HDNetStreamdetects this and makes a new
play()request to continue playback. To do so, it needs to request fresh Token Authorization tokens from your service.