Contact Support | System Status
Page Contents

    Key/License Protection with the Brightcove Player

    In this topic, you will learn how to configure Brightcove Player to use Key/license protection associated with Brightcove Playback Restrictions.

    Introduction

    Key/license protection offers an extra level of security when using Dynamic Delivery with DRM-protected or HTTP Live Streaming Encryption (HLSe) content. License requests can be authenticated using a signed JSON Web Token (JWT). The token is used when requesting the video license, once the video has been loaded to the player and the source has been selected.

    If you are not familiar with this feature, see the Overview: Brightcove Playback Restrictions document.

    Overview

    To configure Brightcove Player for key/license protection, you will pass a token parameter when making the catalog request for the video. To help you understand the code in the next section, review the concepts in the following documents:

    Using an auth token

    To use key/license protection, pass a string token as part of the player catalog object, using the property name bcovAuthToken.

    This approach works for both DRM and HLSe content. The player will detect the type of source being loaded from the Playback API and provide the correct implementation for that source.

    Steps

    1. Create a signed JSON Web Token (JWT).
    2. Include this token with the video request.

      This sample implementation code uses the catalog.get() method to request the video while supplying the token.

        <video-js id="myPlayerID"
          data-account="1507807800001"
          data-player="default"
          data-embed="default"
          controls
          data-application-id></video-js>
        <script src="//players.brightcove.net/1507807800001/default_default/index.min.js"></script>
        
        <script>
          (function() {
            var myPlayer = videojs.getPlayer('myPlayerID');
        
            myPlayer.catalog.get({
              type: 'video',
              id: '6015247091001',
              bcovAuthToken: 'your jwt token'
            })
              .then(function(videoReturned){
                myPlayer.catalog.load(videoReturned);
              })
              .catch(function(err){
                console.log('err:', err);
              });
          })();
        </script>

    Configuring server-side ads (SSAI)

    If you are using key/license protection with SSAI, then you need to include an additional parameter to the catalog parameters object, named adConfigId.

    <video-js id="myPlayerID"
      data-account="1507807800001"
      data-player="default"
      data-embed="default"
      controls
      data-application-id></video-js>
    <script src="//players.brightcove.net/1507807800001/default_default/index.min.js"></script>
    
    <script>
      (function() {
        var myPlayer = videojs.getPlayer('myPlayerID');
    
        myPlayer.catalog.get({
          type: 'video',
          id: '6015247091001',
          bcovAuthToken: 'your jwt token',
          adConfigId: 'your ad configuration id'
        })
          .then(function(videoReturned){
            myPlayer.catalog.load(videoReturned);
          })
          .catch(function(err){
            console.log('err:', err);
          });
      })();
    </script>

    Using a custom implementation

    You may be using a custom implementation where you don't have the bcovAuthToken to set the value with the the catalog.get() method request. If you are using your own or a third-party player, you can use one of the following approaches to pass your token into the license request:

    • HTTP header: BCOV-Auth (Not supported for HLSe)
    • Cookie: bcov-auth (Not supported for HLSe)
    • Query parameter: bcov-auth (Only supported for HLSe) Must be appended to the master manifest url, instead of the license url

    Here is an example showing how to set the source.emeHeaders['BCOV-Auth'] attribute on the video object to the token. This inserts the emeHeader on each source AFTER the catalog request.

    <video-js id="myPlayerID"
      data-account="1507807800001"
      data-player="default"
      data-embed="default"
      controls
      data-application-id></video-js>
    <script src="//players.brightcove.net/1507807800001/default_default/index.min.js"></script>
    
    <script>
      (function() {
        var myPlayer = videojs.getPlayer('myPlayerID');
    
        myPlayer.catalog.get({
          type: 'video',
          id: '6015247091001'
        })
        .then(function(video){
          sources=video.sources;
    
          for (let i = 0; i < sources.length; i++) {
            const source = sources[i];
    
            // Only add the auth token as an eme header for DRM content
            if (your jwt token && source.key_systems) {
              source.emeHeaders = {
                  'BCOV-Auth': your jwt token
                };
            }
          }
            myPlayer.catalog.load(video);
          })
          .catch(function(err){
            console.log('err:', err);
          });
      })();
    </script>

    Page last updated on 19 Jun 2021