You can authorize playback using the Ooyala Player Token.
(Available only if your Ooyala account includes this functionality. To enable Ooyala Player Token, contact your account manager.)
Limiting playback exclusively to authorized users and exclusively on your page requires
the communication of the token request URL to the player, so that the player can utilize this
URL throughout authorization. This is accomplished with the following steps:
- Generate a Token Request and Authorization URL. You generate the signed token
request URL on the server-side, specifying a short expiration time as one of the
query-string parameters. You must also include your provider code and a comma separated
expiration time prevents it from being lifted from your page and used elsewhere.
Set the Token Expiration Time. You need to set an expiration time for the
Playback Token in your Backlot Syndication tab. Note that this expiration time is
independent of the token request expiration time. Its function is to specify how long
the token (issued by Ooyala) will be valid, and it controls the
viewer’s access to authorized players for the specified interval. space.
Embed the URL to Issue Authorization. When the crafted token request URL is
forwarded to the player, Ooyala’s authorization response will send an authorization/no-authorization decision.
Once the client receives an affirmative authorization response, video playback is enabled.
- Playback Authorization. Before the video starts playing, the Ooyala player sends
the authentication request and receives the token. When the authorization server validates
the URL, it authorizes playing the content. The authorization is in effect until the
session expires. If the session expires, the viewer needs to refresh the browser.
Note: If the URL is not valid, it will display an error message. For more information
about the error, see the "Error Types" topic in this document.
Two Types of Expiration Times
With this design, you should note the difference between the two expiration times. You
need to set:
- One expiration time on the token request (the URL that will be embedded on the
page—adjustable by the provider’s server-side implementation). Use a short expiration
time on the URL snippet so that the snippet cannot be replicated across other domains
(it can be embedded, but will become nonfunctional).
- The other expiration time on the token object itself (expiry
time adjustable through your Backlot account). A longer expiration time may be set (if
desirable) on the token object, since the Same Origin Policy protects its distribution.
Combining the Ooyala Token with Other Content Authorization Types
The Ooyala Player Token works either singly or in conjunction with other types Digital
Rights Management (DRM) solutions that Ooyala provides (or supports) to ensure that users
can have access to authorized content. You can also use the Ooyala Player Token in
- Ooyala's Rights Locker entitlement enforcement system
- Ooyala's device registration system
- A CDN token to prevent unauthorized sharing of a direct link to an Real Time Messaging
Protocol (RTMP) stream.
- Encrypted delivery (such as RTMPE or HLS AES Encryption) to prevent recording of a
- DRM Technologies (such as Flash Access) to enforce usage rights on content.