Time based One Time Password (TOTP)

Selim Emre Toy edited this page Jul 14, 2021 · 22 revisions

The Time-based One-time Password (TOTP) algorithm is an extension of the HMAC-based One-time Password (HOTP) algorithm that generates a one-time password (OTP) using the current time, instead of a counter, as the source of uniqueness.

We define a publisher or player as a subscriber. If the time-based token is enabled, a subscriber must be created for the stream before it can be published or played. Each subscriber has an ID and a code. When a subscriber requests to publish or play a stream, they must provide their ID and the time-based token generated from their code. Otherwise the server does not accept the publish or play request.

Enabling and Setting

You can enable TOTP using the Management Panel, or in the configuration file with settings.timeTokenSubscriberOnly=true. You can also set the TOTP period in seconds in the configuration file with settings.timeTokenPeriod=60.

Subscriber Operations

After enabling TOTP on the server, perform the following operations to publish or play using TOTP.

  1. The admin creates a new subscriber (publisher or player) by using this REST method. You should assign a base32 secret to each subscriber at creation. The length of the secret should be a multiple of 8 characters.

    Curl example for publisher type subscriber creation.

    curl -X POST -H "Accept: Application/json" -H "Content-Type: application/json" http://localhost:5080/WebRTCAppEE/rest/v2/broadcasts/stream1/subscribers -d '{"subscriberId":"publisherA", "b32Secret":"mysecret", "type":"publish"}'

    Curl example for player type subscriber creation.

    curl -X POST -H "Accept: Application/json" -H "Content-Type: application/json" http://localhost:5080/WebRTCAppEE/rest/v2/broadcasts/stream1/subscribers -d '{"subscriberId":"playerB", "b32Secret":"mysecret", "type":"play"}'

  2. The subscriber (publisher or player) needs a TOTP token to publish or play the stream. This token should be created using the subscriber's secret key. Here is an example page that creates TOTP.

  3. The subscriber (publisher or player) can request to publish or play using the created TOTP.

    Example of a publish request:

    http://localhost:5080/WebRTCAppEE/?subscriberId=publisherA&subscriberCode=440456

    Example of a play request:

    http://localhost:5080/WebRTCAppEE/play.html?subscriberId=playerB&subscriberCode=438610
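
The token generation in step 2 and the request in step 3, as an added example that is not code from this wiki or from the server. It assumes the RFC 6238 defaults of HMAC-SHA1 and 6-digit codes, which this page does not state, and uses the 60-second period from the configuration above; the function names are hypothetical.

```python
import base64, hashlib, hmac, secrets, struct, time
from urllib.parse import urlencode

PERIOD = 60  # seconds; matches settings.timeTokenPeriod=60 above
DIGITS = 6   # assumption: the example codes on this page have 6 digits

def new_secret(num_bytes=20):
    """Random base32 secret; 20 bytes encode to 32 characters (a multiple of 8)."""
    return base64.b32encode(secrets.token_bytes(num_bytes)).decode("ascii")

def decode_secret(b32_secret):
    """Decode a base32 secret, enforcing the multiple-of-8 length rule."""
    s = b32_secret.strip().upper()
    if not s or len(s) % 8 != 0:
        raise ValueError("base32 secret length must be a non-zero multiple of 8")
    return base64.b32decode(s)  # raises ValueError on non-base32 characters

def totp(b32_secret, now=None, period=PERIOD, digits=DIGITS):
    """RFC 6238 code (assumed HMAC-SHA1) for the time step containing `now`."""
    key = decode_secret(b32_secret)
    counter = int(time.time() if now is None else now) // period
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226, section 5.3)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def request_url(base, subscriber_id, b32_secret, now=None):
    """Build a publish or play URL in the form shown in step 3."""
    query = urlencode({"subscriberId": subscriber_id,
                       "subscriberCode": totp(b32_secret, now)})
    return base + "?" + query

if __name__ == "__main__":
    secret = new_secret()  # constructed sample value, not a real subscriber secret
    print("b32Secret for step 1:", secret)
    print(request_url("http://localhost:5080/WebRTCAppEE/play.html", "playerB", secret))
```

A code is only valid for the time step it was computed in, so generate it immediately before the request and keep the client clock synchronized with the server.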

You can find references for the create, delete and list REST methods in the REST API Reference.

Subscriber Statistics

You can also get statistics such as connection events and average bitrate for each subscriber with the following REST method.

curl -i -H "Accept: Application/json" -X GET "http://localhost:5080/WebRTCAppEE/rest/v2/broadcasts/stream1/subscriber-stats/list/0/5"
