-
Notifications
You must be signed in to change notification settings - Fork 642
The Steps of One Time Token Operations
Attention: We have migrated our documentation to our new platform, Ant Media Resources. Please follow this link for the latest and up-to-date documentation.
NOTE: We have updated our documentation. This page is outdated. You can access updated version from the sidebar menu.
NOTE: We have updated our documentation. This page is outdated. You can access updated version from the sidebar menu.
The one-time token method is one of the effective authentication methods to secure your streams. Ant Media Server offers one-time token security control option with 1.5.0 version.
- TokenId: Generated a random string from service.
- StreamId: The Id of the resource that the user wants to reach.
- ExpireDate: The expiration date of the token (Use Unix Timestamp, such as 1560771964).
- Type: Either
publish
orplay
token.
Firstly, the setting should be enabled in the management panel.
The Server creates tokens with getToken Rest Service getting streamId, expireDate and type parameters with query parameters. Service returns tokenId and other parameters. It is important that streamId and type parameters should be defined properly. Because tokenId needs to match with both streamId and type.
The sample token creation service URL:
http://[IP_Address]:5080/<Application_Name>/rest/broadcast/getToken?id=<Stream_Id>&expireDate=<Expire_Date>&type=publish
Please note that calling this rest service from remote is restricted due to the security reasons. Please add the requester IP addresses to "Use IP Filtering for RESTful API" section in Settings Tab of the application.
The system controls token validity during publishing or playing.
RTMP Publishing: You need to add a token parameter to RTMP URL before publishing. Sample URL:
rtmp://[IP_Address]/<Application_Name>/<Stream_Id>?token=tokenId
WebRTC Publishing: Token parameter should be inserted to publish WebSocket message.
{
command : "publish",
streamId : "stream1",
token : "tokenId",
}
For details about WebRTC WebSocket messaging please visit wiki page.
The Server creates tokens with getToken Rest Service getting streamId, expireDate and type parameters with query parameters. Service returns tokenId and other parameters. It is important that streamId and type parameters should be defined properly. Because tokenId needs to match with both streamId and type.
The sample token creation service URL:
http://[IP_Address]:5080/<Application_Name>/rest/broadcast/getToken?id=<Stream_Id>&expireDate=<Expire_Date>&type=play
Please note that calling this rest service from remote is restricted due to the security reasons.
If you want to remove this filtering mechanism please remove the below lines from webapps-> {Application} -> WEBINF -> web.xml
<filter>
<filter-name>RestAuthenticationFiler</filter-name>
<filter-class>io.antmedia.serverapp.pscp.filter.RestAuthenticationFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>RestAuthenticationFiler</filter-name>
<url-pattern>/rest/*</url-pattern>
</filter-mapping>
Live Stream/VoD Playing: Same as publishing, the token parameter is added to URL. Sample URL:
http://[IP_Address]/<Application_Name>/streams/<Stream_Id_or_Source_Name>?token=tokenId
WebRTC Playing: Again the token parameter should be inserted to play WebSocket message.
{
command : "play",
streamId : "stream1",
token : "tokenId",
room : "roomId"
}
Please have a look at the principles described in the wiki page.
Ant Media Server evaluates based on its properties to secure your streams. Whether it is valid for the requested stream or not is controlled. Another important control process is checking the type of the token. Because the developer or administrator may give access to a user to play a stream but not publish to this stream even with the same streamId.
Once the token is successfully validated by Ant Media Server, then it is removed from the database so that other requests with the same token will be dismissed. Since consecutive requests are sent during playing/accessing streams, the session information saved after the one-time token is consumed.
- Introduction
- Quick Start
- Installation
- Publishing Live Streams
- Playing Live Streams
- Conference Call
- Peer to Peer Call
- Adaptive Bitrate(Multi-Bitrate) Streaming
- Data Channel
- Video on Demand Streaming
- Simulcasting to Social Media Channels
- Clustering & Scaling
- Monitor Ant Media Servers with Apache Kafka and Grafana
- WebRTC SDKs
- Security
- Integration with your Project
- Advanced
- WebRTC Load Testing
- TURN Servers
- AWS Wavelength Deployment
- Multi-Tenancy Support
- Monitor Ant Media Server with Datadog
- Clustering in Alibaba
- Playlist
- Kubernetes
- Time based One Time Password
- Kubernetes Autoscaling
- Kubernetes Ingress
- How to Install Ant Media Server on EKS
- Release Tests
- Spaceport Volumetric Video
- WebRTC Viewers Info
- Webhook Authentication for Publishing Streams
- Recording Streams
- How to Update Ant Media Server with Cloudformation
- How to Install Ant Media Server on GKE
- Ant Media Server on Docker Swarm
- Developer Quick Start
- Recording HLS, MP4 and how to recover
- Re-streaming update
- Git Branching
- UML Diagrams