Jump to content
Community forum has migrated to GitHub Discussions (https://github.com/orgs/ant-media/discussions)! Learn more... ×
  • 0

Subscriber a stream question

Luis Muniz

Asked by Luis Muniz,

 Share

Question

  • Answers 5
  • Created
  • Last Reply

Top Posters For This Question

Popular Days

Top Posters For This Question

Popular Days

Popular Posts

Connessione
Connessione

@Burak and @Luis Muniz, in my opinion this is a use case that could best be addressed if there was a way to add custom authentication scheme for publish and playback to the java serverside application

5 answers to this question

Recommended Posts

  • 0
Burak Community Regular

Burak

Posted
Posted

Hi Luiz,

Thanks for your great question.

Maybe we can discuss this here with the community. We may find a best practice for such a requirement.

Let me tell what we have in AMS and my idea. As you wrote, one can create subscribers by the help of TOTP. Besides you can still define subscriber ids for the players without TOTP.

But in that case, these user controls should be done in the business application instead of Ant Media Server. I mean that someone who wants to play a stream should login to business application and then he is granted to play stream by providing a token and subscriber id by business application.

If someone in the community has experience for such a case please share with us.

Link to comment
Share on other sites
  • 0
Luis Muniz Newbie

Luis Muniz

Posted
  • Author
Posted
4 hours ago, Burak said:

Hi Luiz,

Thanks for your great question.

Maybe we can discuss this here with the community. We may find a best practice for such a requirement.

Let me tell what we have in AMS and my idea. As you wrote, one can create subscribers by the help of TOTP. Besides you can still define subscriber ids for the players without TOTP.

But in that case, these user controls should be done in the business application instead of Ant Media Server. I mean that someone who wants to play a stream should login to business application and then he is granted to play stream by providing a token and subscriber id by business application.

If someone in the community has experience for such a case please share with us.

I found this feature (to create any play stream providing a token and custom subscriber id - JS SDK), but I believe can be an issue (Without TOTP help). This custom subscriber id is easliy editable content in browser-side and AMS REST API can't validate it.

I need to create a safe and imutable ID between the sides (AMS play stream id and business app user), means I need this context to user DURING/AFTER PLAY control (check if online, hours played, charges per minute, disconnect him, etc).

I think TOTP and One-time token is unique way as far.

PS: AMS REST API for now, closes webrtc viewers only. Please, consider others.

Link to comment
Share on other sites
  • 0
Luis Muniz Newbie

Luis Muniz

Posted
  • Author
Posted
1 hour ago, Luis Muniz said:

I found this feature (to create any play stream providing a token and custom subscriber id - JS SDK), but I believe can be an issue (Without TOTP help). This custom subscriber id is easliy editable content in browser-side and AMS REST API can't validate it.

I need to create a safe and imutable ID between the sides (AMS play stream id and business app user), means I need this context to user DURING/AFTER PLAY control (check if online, hours played, charges per minute, disconnect him, etc).

I think TOTP and One-time token is unique way as far.

PS: AMS REST API for now, closes webrtc viewers only. Please, consider others.

I feel that "Accept Undefined Publish Streams" and "Accept Undefined Play Streams" may should be done, to expand REST possibilities, BroadcastRestService/addSubscriber is exclusively to TOTP only.

Link to comment
Share on other sites
  • 0
Luis Muniz Newbie

Luis Muniz

Posted
  • Author
Posted
On 7/22/2022 at 11:52 AM, Luis Muniz said:

I feel that "Accept Undefined Publish Streams" and "Accept Undefined Play Streams" may should be done, to expand REST possibilities, BroadcastRestService/addSubscriber is exclusively to TOTP only.

Another sugestion:
When removing one broadcast stream, all subscribers this same broadcast stream should be removed too, like cascade.

Link to comment
Share on other sites
  • 0
Connessione Community Regular

Connessione

Posted
Posted

@Burak and @Luis Muniz, in my opinion this is a use case that could best be addressed if there was a way to add custom authentication scheme for publish and playback to the java serverside application. Typically what would happen is :
 

  • Client logs in and gets a one time token from business server
  • Client attempts to playback stream. the player could have any arbitrary ID (we dont care)
  • The playback request will sent the token and any other client side attribute as parameter to server side app
  • Server-side app will send token to business server and validate the token and return response to client
  • Client can then play the stream & the business server destroys the token ofcourse.

 

 

  • Thanks 1
Link to comment
Share on other sites
 Share
Go to question listing
×
×
  • Create New...