I have a use case where a certain published URL that is used to access any stream from an application, should be protected with playback security (url token/hashing) while other should just pass though.
I copied an Application that had working Playback Security on it, and removed the shared secret property from that. I also enabled a very simple custom module which defines an onConnect method. I am able to use client.getUri to obtain the published URL I am looking for, but I am wondering what the best approach would be to using the built in URL hashing module.
I noticed that when enabling the Token Hashing Playback Security, the property that seems to be required for default protection to initiate, seems to be ‘securitySecureTokenSharedSecret’. My plan was to use this as a swtich to enable/disable ModuleCoreSecurity from performing the hash check on a stream in a custom onConnect module method.
Basically:
if: URL == SpecificValue, then toggle the securitySecureTokenSharedSecret property so that ModuleCoreSecurity can use that to hash the url and accept/reject (making sure this value only persists per connection would also be important)
else: All others would not be subject to a url hashing check.
Would I be better of trying to create a new invocation of the ModuleCoreSecurity, initiating it with all the properties and attempting to invoke the same calls that the built in product would use? Can this approach be truly handled by only an onConnect method, or do I need to perform some actions at the appStart as well?