Introduction
Key/license protection offers an extra level of security when using Dynamic Delivery with DRM-protected or HTTP Live Streaming Encryption (HLSe) content. License requests can be authenticated using a signed JSON Web Token (JWT). The token is used when requesting the video license, once the video has been loaded to the player and the source has been selected.
If you are not familiar with this feature, see the Overview: Brightcove Playback Restrictions document.
Overview
To configure Brightcove Player for key/license protection, you will pass a token parameter when making the catalog request for the video. To help you understand the code in the next section, review the concepts in the following documents:
Using an auth token
To use key/license protection, pass a string token as part of the player catalog object, using the property name bcovAuthToken.
This approach works for both DRM and HLSe content. The player will detect the type of source being loaded from the Playback API and provide the correct implementation for that source.
Steps
- Create a signed JSON Web Token (JWT).
- Include this token with the video request.
This sample implementation code uses the catalog.get() method to request the video while supplying the token.
<video-js id="myPlayerID"
  data-account="1507807800001"
  data-player="default"
  data-embed="default"
  controls
  data-application-id></video-js>
<script src="//players.brightcove.net/1507807800001/default_default/index.min.js"></script>
<script>
  (function() {
    var myPlayer = videojs.getPlayer('myPlayerID');
    myPlayer.catalog.get({
      type: 'video',
      id: '6015247091001',
      bcovAuthToken: 'your jwt token'
    })
    .then(function(videoReturned){
      myPlayer.catalog.load(videoReturned);
    })
    .catch(function(err){
      console.log('err:', err);
    });
  })();
</script>
Configuring server-side ads (SSAI)
If you are using key/license protection with SSAI, then you need to add an additional parameter, named adConfigId, to the catalog parameters object.
<video-js id="myPlayerID"
  data-account="1507807800001"
  data-player="default"
  data-embed="default"
  controls
  data-application-id></video-js>
<script src="//players.brightcove.net/1507807800001/default_default/index.min.js"></script>
<script>
  (function() {
    var myPlayer = videojs.getPlayer('myPlayerID');
    myPlayer.catalog.get({
      type: 'video',
      id: '6015247091001',
      bcovAuthToken: 'your jwt token',
      adConfigId: 'your ad configuration id'
    })
    .then(function(videoReturned){
      myPlayer.catalog.load(videoReturned);
    })
    .catch(function(err){
      console.log('err:', err);
    });
  })();
</script>
Using a custom implementation
You may be using a custom implementation in which you cannot set the bcovAuthToken value with the catalog.get() method request. If you are using your own or a third-party player, you can use one of the following approaches to pass your token into the license request:
- HTTP header: BCOV-Auth (Not supported for HLSe)
- Cookie: bcov-auth (Not supported for HLSe)
- Query parameter: bcov-auth (Only supported for HLSe). Must be appended to the master manifest URL, instead of the license URL.
Here is an example showing how to set the source.emeHeaders['BCOV-Auth'] attribute on the video object to the token. This inserts the emeHeader on each source AFTER the catalog request.
<video-js id="myPlayerID"
  data-account="1507807800001"
  data-player="default"
  data-embed="default"
  controls
  data-application-id></video-js>
<script src="//players.brightcove.net/1507807800001/default_default/index.min.js"></script>
<script>
  (function() {
    var myPlayer = videojs.getPlayer('myPlayerID');
    // Replace with the signed JWT issued for this viewer
    var token = 'your jwt token';
    myPlayer.catalog.get({
      type: 'video',
      id: '6015247091001'
    })
    .then(function(video){
      var sources = video.sources;
      for (let i = 0; i < sources.length; i++) {
        const source = sources[i];
        // Only add the auth token as an eme header for DRM content
        if (token && source.key_systems) {
          source.emeHeaders = {
            'BCOV-Auth': token
          };
        }
      }
      // Load the video only after the headers are set on its sources
      myPlayer.catalog.load(video);
    })
    .catch(function(err){
      console.log('err:', err);
    });
  })();
</script>
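The transport rules listed above for a custom player, as an added example that is not Brightcove's code: DRM sources get the BCOV-Auth header, and HLSe manifests get the bcov-auth query parameter on the master manifest URL. The helper names, the sample sources, the client-side check of the standard exp claim, and treating every non-DRM HLS source as HLSe are assumptions.

```javascript
// Added example, not Brightcove code. BCOV-Auth, bcov-auth and key_systems
// come from the page; helper names and sample data are assumptions.
var HLS_TYPES = ['application/x-mpegurl', 'application/vnd.apple.mpegurl'];

// Decode the JWT payload (no signature check; the license service does that).
function readJwtPayload(token) {
  var parts = String(token || '').split('.');
  if (parts.length !== 3) return null;
  try {
    return JSON.parse(atob(parts[1].replace(/-/g, '+').replace(/_/g, '/')));
  } catch (e) { return null; }
}

// Reject malformed tokens and tokens whose standard exp claim has passed.
function isTokenUsable(token, nowSeconds) {
  var payload = readJwtPayload(token);
  if (!payload) return false;
  return typeof payload.exp !== 'number' || payload.exp > nowSeconds;
}

// Return copies of the sources with the token attached per content type.
function applyToken(sources, token, nowSeconds) {
  if (!isTokenUsable(token, nowSeconds)) throw new Error('unusable token');
  return sources.map(function (source) {
    var copy = Object.assign({}, source);
    if (source.key_systems) {
      // DRM: header sent with the license request
      copy.emeHeaders = Object.assign({}, source.emeHeaders, { 'BCOV-Auth': token });
    } else if (HLS_TYPES.indexOf(String(source.type).toLowerCase()) !== -1) {
      // Assumed HLSe: query parameter on the master manifest URL (absolute src)
      var url = new URL(source.src);
      url.searchParams.set('bcov-auth', token);
      copy.src = url.toString();
    }
    return copy;
  });
}

// Constructed, unsigned token and constructed sources for offline runs.
function b64url(obj) {
  return btoa(JSON.stringify(obj)).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}
function makeSampleToken(exp) {
  return b64url({ typ: 'JWT' }) + '.' + b64url({ exp: exp }) + '.c2lnbmF0dXJl';
}
var SAMPLE_SOURCES = [
  { type: 'application/dash+xml', src: 'https://media.example.test/v/manifest.mpd', key_systems: { 'com.widevine.alpha': {} } },
  { type: 'application/x-mpegURL', src: 'https://media.example.test/v/master.m3u8?x=1' },
  { type: 'video/mp4', src: 'https://media.example.test/v/main.mp4' }
];
```

A token carried in a query string ends up in manifest URLs, so keep its lifetime short and keep those URLs out of client-side logging.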