Ooyala Player Token Expiration

The Ooyala Player Token is valid for the ooyala domain: player.ooyala.com. When using the Ooyala Player Token, you need to be aware of the various types of session expiration:
  • URL Token Request Expiration - Shorter in duration than the expiration time you set in Backlot, this expiration is selected by the provider on the server-side and included in the token request URL directly.

  • Set Token Expiration - This expiration time is set by the content provider in Backlot. Information about setting this type of expiration is described in the topic, Setting the Ooyala Player Token, in this document.

  • Interaction Token Expiration - This type of token expiration originates from user actions that close the player.

To clear the Ooyala Player Token set in player.ooyala.com, call the player.ooyala.com/sas/revoke_embed_token/:pcode API where :pcode is substituted with your provider pcode.

Note: When the Ooyala Player Token has been created using the "all" embed code parameter, there is no syndication group associated with it, so you cannot configure the expiration time in a Backlot syndication group. Instead you must create a provider attribute called "wildcard_opt_expiration_time" and give it a value in seconds. If you do not create this attribute, then a default expiration time of 10 minutes will be used for the token.

Token Request URL Expiration Time

The token request URL has an expiration that is separate from the token’s expiration time that you set in Backlot (or via the API). Per the discussion at the bottom in the prior topic, “How Does It Work” we recommend that you use short expiration time. You set the Token Request URL expiration time within the URL itself.  The format is similar to the following example:

Note: For more information about constructing the Token Request URL, see the topic Controlling Playback with the Ooyala Player Token in this document.

Setting Token Expiration Time In Backlot

When Ooyala authorizes playback and responds to the token request with a token object, the user is authorized to play the video or audio content until token expiration time occurs. Following expiration, the user no longer has playback authorization and must reload the page to playback the content. If a user was authorized initially, and mid-playback the token expires, playback does not cease. Once authorized for playback, this mechanism does not revoke access unless a user reloads the page (or navigates away and returns). For more information about setting the expiration time in Backlot, see step 5 in the following topic, Setting the Ooyala Player Token later in this document.

Interaction Token Expiration Time

The token remains on the browser even if the user navigates away from the page or stops playback, though it can certainly expire in the meanwhile. Users can trigger token flushing only by closing the browser. To get another token object, the user would then have to reload the page, re-triggering the pathway discussed in Controlling Playback with the Ooyala Player Token earlier in this document.