Luis Muniz Posted July 22, 2022 Share Posted July 22, 2022 Hello there! Would be possible to play a stream (streamId) by mandatory to be registerd in subscribers database (subscriberId), but no TOTP required? Regards, Luis Muniz Link to comment Share on other sites More sharing options...
0 Burak Posted July 22, 2022 Share Posted July 22, 2022 Hi Luiz, Thanks for your great question. Maybe we can discuss this here with the community. We may find a best practice for such a requirement. Let me tell what we have in AMS and my idea. As you wrote, one can create subscribers by the help of TOTP. Besides you can still define subscriber ids for the players without TOTP. But in that case, these user controls should be done in the business application instead of Ant Media Server. I mean that someone who wants to play a stream should login to business application and then he is granted to play stream by providing a token and subscriber id by business application. If someone in the community has experience for such a case please share with us. Link to comment Share on other sites More sharing options...
0 Luis Muniz Posted July 22, 2022 Author Share Posted July 22, 2022 4 hours ago, Burak said: Hi Luiz, Thanks for your great question. Maybe we can discuss this here with the community. We may find a best practice for such a requirement. Let me tell what we have in AMS and my idea. As you wrote, one can create subscribers by the help of TOTP. Besides you can still define subscriber ids for the players without TOTP. But in that case, these user controls should be done in the business application instead of Ant Media Server. I mean that someone who wants to play a stream should login to business application and then he is granted to play stream by providing a token and subscriber id by business application. If someone in the community has experience for such a case please share with us. I found this feature (to create any play stream providing a token and custom subscriber id - JS SDK), but I believe can be an issue (Without TOTP help). This custom subscriber id is easliy editable content in browser-side and AMS REST API can't validate it. I need to create a safe and imutable ID between the sides (AMS play stream id and business app user), means I need this context to user DURING/AFTER PLAY control (check if online, hours played, charges per minute, disconnect him, etc). I think TOTP and One-time token is unique way as far. PS: AMS REST API for now, closes webrtc viewers only. Please, consider others. Link to comment Share on other sites More sharing options...
0 Luis Muniz Posted July 22, 2022 Author Share Posted July 22, 2022 1 hour ago, Luis Muniz said: I found this feature (to create any play stream providing a token and custom subscriber id - JS SDK), but I believe can be an issue (Without TOTP help). This custom subscriber id is easliy editable content in browser-side and AMS REST API can't validate it. I need to create a safe and imutable ID between the sides (AMS play stream id and business app user), means I need this context to user DURING/AFTER PLAY control (check if online, hours played, charges per minute, disconnect him, etc). I think TOTP and One-time token is unique way as far. PS: AMS REST API for now, closes webrtc viewers only. Please, consider others. I feel that "Accept Undefined Publish Streams" and "Accept Undefined Play Streams" may should be done, to expand REST possibilities, BroadcastRestService/addSubscriber is exclusively to TOTP only. Link to comment Share on other sites More sharing options...
0 Luis Muniz Posted July 25, 2022 Author Share Posted July 25, 2022 On 7/22/2022 at 11:52 AM, Luis Muniz said: I feel that "Accept Undefined Publish Streams" and "Accept Undefined Play Streams" may should be done, to expand REST possibilities, BroadcastRestService/addSubscriber is exclusively to TOTP only. Another sugestion: When removing one broadcast stream, all subscribers this same broadcast stream should be removed too, like cascade. Link to comment Share on other sites More sharing options...
0 Connessione Posted July 27, 2022 Share Posted July 27, 2022 @Burak and @Luis Muniz, in my opinion this is a use case that could best be addressed if there was a way to add custom authentication scheme for publish and playback to the java serverside application. Typically what would happen is : Client logs in and gets a one time token from business server Client attempts to playback stream. the player could have any arbitrary ID (we dont care) The playback request will sent the token and any other client side attribute as parameter to server side app Server-side app will send token to business server and validate the token and return response to client Client can then play the stream & the business server destroys the token ofcourse. 1 Link to comment Share on other sites More sharing options...
Question
Luis Muniz
Hello there!
Would be possible to play a stream (streamId) by mandatory to be registerd in subscribers database (subscriberId), but no TOTP required?
Regards,
Luis Muniz
Link to comment
Share on other sites
Top Posters For This Question
4
1
1
Popular Days
Jul 22
4
Jul 25
1
Jul 27
1
Top Posters For This Question
Luis Muniz 4 posts
Burak 1 post
Connessione 1 post
Popular Days
Jul 22 2022
4 posts
Jul 25 2022
1 post
Jul 27 2022
1 post
Popular Posts
Connessione
@Burak and @Luis Muniz, in my opinion this is a use case that could best be addressed if there was a way to add custom authentication scheme for publish and playback to the java serverside application
5 answers to this question
Recommended Posts