Wowza Community

SecureToken between client & server

Wowza Streaming Engine

Avi_Ortas April 26, 2016, 2:10pm 1

Hello All,

I need your help which i didnt success since yesterday to implement this option I am trying to do client-server auth with SecureToken hashing but I am always getting 403 acces denied error. I referenced below link but didnt success

https://www.wowza.com/docs/how-to-protect-streaming-using-securetoken-in-wowza-streaming-engine

ApplicationName = LiveStream

StreamName = myStream

Hash Prefix= live

blabla.com/LiveStream/myStream?livehash=XXX

in which algortihm what should i hash ? Please help me if you have any solution on this issue for better understanding.

Paul_Shields April 26, 2016, 3:24pm 2

Hi,

Once you’ve configured your Secure Token settings in Wowza Streaming Engine then you need to generate your hash on the client. As an example using PHP to create a hash to play sample.mp4 in the vod application

Set some variables:

[php]

$clientIP = “null”; // specify an IP address if set in Secure Token in Engine

$host = “wowza-ip”; // your ip/host

$url= “rtmp://”.$host.":1935/"; // this is an example for RTMP streams

$stream = “vod/definst/mp4:sample.mp4”; // your stream

$start = time(); // token is valid from time of hash generation

$end = strtotime("+30 minutes"); // token will expire in 30 minutes

$secret = “abcde”; // secret as defined in Engine

$tokenName = “wowzatoken”; // token as defined in Engine

[/php]

Calculate the hash (using sha384 or change to what is set in Wowza)

[php]

$hash = “”;

if(is_null($clientIP)){

$hash = hash(‘sha384’, $stream."?".$secret."&{$tokenName}endtime=".$end."&{$tokenName}starttime=".$start, true); // generate the hash string

}

else {

$hash = hash(‘sha384’, $stream."?".$clientIP."&".$secret."&{$tokenName}endtime=".$end."&{$tokenName}starttime=".$start, true); // generate the hash string

}

$base64Hash = strtr(base64_encode($hash), ‘+/’, ‘-_’); $params = array("{$tokenName}starttime=".$start, “{$tokenName}endtime=”.$end, “{$tokenName}hash=”.$base64Hash);

if(!is_null($clientIP)){

$params[] = $clientIP;

}

sort($params); $URL = $url.$stream."/playlist.m3u8?"; // determine if HLS or RTMP depending on $url

if(preg_match("/(rtmp)/",$url)){

$playbackURL = $url.$stream."?";

}

foreach($params as $entry){

$playbackURL.= $entry."&";

}

$URL = preg_replace("/(&)$/","", $playbackURL);

[/php]

This will create a $URL line similar to this:

rtmp://wowza-ip:1935/vod/_definst_/mp4:sample.mp4?192.168.1.4&wowzatokenendtime=1459767008&wowzatokenhash=y8Iuk-Lq5hIuD0NfLyShZe89T4OXHlqSDezhjqCsClIRS_NIi-SzNDaZQFTPvWwc&wowzatokenstarttime=1459765208

you should then be able to test playback, or extend the script to include a player, e.g. JWPlayer etc.

Paul

Hash generation using SecureToken version 2

Topic		Replies	Views	Activity
Wowza SecureToken version 2 configuration (?) Wowza Streaming Engine	4	3137	May 4, 2017
Article: How to protect streaming using SecureToken in Wowza Streaming Engine Wowza Streaming Engine server-administration	28	12870	May 17, 2020
SecureToken - Custom parameters how to Wowza Streaming Engine	4	2860	May 13, 2020
Hash generation using SecureToken version 2 Wowza Streaming Engine	14	8134	December 2, 2023
SecureToken protection in Wowza Streaming Engine - HLS example Wowza Streaming Engine	13	8214	June 5, 2020