-
Notifications
You must be signed in to change notification settings - Fork 641
The Steps of Secret Based Token Operations
NOTE: We have updated our documentation. This page is outdated. You can access updated version from the sidebar menu.
Ant Media Server offers secret-based token security control option with 1.6.2 version.
Firstly, the settings should be enabled from the settings file of the application.
settings.hashControlPublishEnabled=false
settings.hashControlPlayEnabled=false
tokenHashSecret=
Set true "settings.hashControlPublishEnabled" to enable secret based hash control for publishing operations, and "settings.hashControlPlayEnabled=" for playing operations.
Also, do not forget to define a secret key for generating a hash value.
You need to generate a hash value using the formula sha256(STREAM_ID + ROLE + SECRET) for your application and send to your clients. The values used for hash generation are:
STREAM_ID: The id of stream, generated in Ant Media Server.
ROLE: It is either "play or "publish"
SECRET: Shared secret key (should be defined in the setting file)
The system controls hash validity during publishing or playing.
RTMP Publishing: You need to add a hash parameter to RTMP URL before publishing. Sample URL:
rtmp://[IP_Address]/<Application_Name>/<Stream_Id>?token=hash
WebRTC Publishing: Hash parameter should be inserted to publish WebSocket message.
{
command : "publish",
streamId : "stream1",
token : "hash",
}
For details about WebRTC WebSocket messaging please visit wiki page.
You need to generate a hash value using the formula sha256(STREAM_ID + ROLE + SECRET) for your application and send to your clients. The values used for hash generation are:
STREAM_ID: The id of stream, generated in Ant Media Server.
ROLE: It is either "play or "publish"
SECRET: Shared secret key (should be defined in the setting file)
Live Stream/VoD Playing: Same as publishing, the hash parameter is added to URL. Sample URL:
http://[IP_Address]/<Application_Name>/streams/<Stream_Id_or_Source_Name>?token=hash
WebRTC Playing: Again the hash parameter should be inserted to play WebSocket message.
{
command : "play",
streamId : "stream1",
token : "hash",
}
Please have a look at the principles described in the wiki page.
If related settings are enabled, Ant Media Server first generates hash values based on the formula sha256(STREAM_ID + ROLE + SECRET) using streamId, role parameters and secret string which is defined in the settings file. Then compare this generated hash value with clients hash value during authentication.
Once the hash is successfully validated by Ant Media Server, client is granted either to publish or play according to application setting and user request.
- Introduction
- Quick Start
- Installation
- Publishing Live Streams
- Playing Live Streams
- Conference Call
- Peer to Peer Call
- Adaptive Bitrate(Multi-Bitrate) Streaming
- Data Channel
- Video on Demand Streaming
- Simulcasting to Social Media Channels
- Clustering & Scaling
- Monitor Ant Media Servers with Apache Kafka and Grafana
- WebRTC SDKs
- Security
- Integration with your Project
- Advanced
- WebRTC Load Testing
- TURN Servers
- AWS Wavelength Deployment
- Multi-Tenancy Support
- Monitor Ant Media Server with Datadog
- Clustering in Alibaba
- Playlist
- Kubernetes
- Time based One Time Password
- Kubernetes Autoscaling
- Kubernetes Ingress
- How to Install Ant Media Server on EKS
- Release Tests
- Spaceport Volumetric Video
- WebRTC Viewers Info
- Webhook Authentication for Publishing Streams
- Recording Streams
- How to Update Ant Media Server with Cloudformation
- How to Install Ant Media Server on GKE
- Ant Media Server on Docker Swarm
- Developer Quick Start
- Recording HLS, MP4 and how to recover
- Re-streaming update
- Git Branching
- UML Diagrams