I’m trying to generate tokens. I wish it was simple like PEM certificate JWT tokens which is more secure than salt secret key based tokens.
My helper method looks like this so far
public static function generateWowzaToken(string $streamName, string $clientIP, int $expiry) {
$wowzaContentPath = self::getContentPath($streamName);
$wowzaSecureToken = config('video.wowzaTokenSecret');
$wowzaTokenPrefix = config('video.wowzaTokenPrefix');
$wowzaLiveApp = config('video.wowzaLiveApp');
//$wowzaContentPath = $wowzaLiveApp."/".$streamName."/".$streamName;
$wowzaSecureTokenStartTime = $wowzaTokenPrefix ."starttime=". time() ;
$wowzaSecureTokenEndTime = $wowzaTokenPrefix ."endtime=". (time() + $expiry );
$hashstr = $wowzaContentPath ."?". $clientIP ."&".$wowzaSecureToken ."&". $wowzaSecureTokenEndTime ."&". $wowzaSecureTokenStartTime;
$hash = hash(config('video.wowzaHashAlgorithm'), $hashstr , true);
$usableHash=strtr(base64_encode($hash), '+/', '-_');
return $wowzaSecureTokenEndTime."&".$wowzaSecureTokenStartTime."&".$wowzaTokenPrefix ."hash=$usableHash";
//$url = $wowzaContentURL ."?". $wowzaTokenPrefix ."=$usableHash";
}
And generates urls like
/live/livestream/livestream/playlist.m3u8?tendtime=1720999771&tstarttime=1720999471&thash=jY-nlnk-JEPsN7b-ASArtkdRvKUj6_ggIVwtcVd21VY73v9f9FxLpM9R4VNKAovCnGHuoQslF6gQktkp5xSysw==
Wowza isn’t accepting the connection and all I get is a log like this without an indication what the problem is
HTTPStreamerAdapterCupertinoStreamer.onPlaylist[live/livestream/livestream/playlist.m3u8?tendtime=1720999771&tstarttime=1720999471&thash=jY-nlnk-JEPsN7b-ASArtkdRvKUj6_ggIVwtcVd21VY73v9f9FxLpM9R4VNKAovCnGHuoQslF6gQktkp5xSysw==]: Session not accepted[1788740773]
My test token server config looks like
There are some Application level properties that might give you more info. All boolean. Set them to true
securityDebugLogRejections
securityDebugLogDetails
Also my remembrance of Secure Token is the tokens need to be starttime, endtime, etc. You seem to be using different URL params
ScottK
Streaming Video Consultant
scott@blankcanvas.video
Its really bonkers and confusing. Its alphabetical order therefore endtime then starttime. Many code examples do the same. A test tool to generate tokens might have been helpful. Ill try those log configs thanks.
I don’t think the order matters but looks like you have different named params. (tstarttime versus and starttime)
It gives me this. The hash created is different but not explaining what its using for hashing
[live/livestream]ModuleCoreSecurity:hashCalculated: HK_0tcXAcK41K-26OLgAP-
hashed: live/livestream/livestream?127.0.0.1&QD916610KDolfi4nafEiUdOhAiPG2vfVGEOPFpLGWPVSMZPB&tendtime=0&tstarttime=0
[live/livestream]SecureTokenDef:Hash o9YEfaZhWbYWHb-hbSpXvvvUdG8jWm9lACrLwxNq62IQxJ1HPADcBoC27z5X7rff-qFo9M9RhldYi8fqt_ojvQ==, doesn’t match hash calculated, HK_0tcXAcK41K-26OLgAP-E3TpjpfLATYHpn0jvC2_USyHZwL6daJm9oagauh_mUdneEB4dtlJJ2dfIzn5S0bw==
tstarttime is the token prefix of t and starttime. That is also what it’s hashing. My side is the same hashing path.
live/livestream/livestream?127.0.0.1&QD916610KDolfi4nafEiUdOhAiPG2vfVGEOPFpLGWPVSMZPB&tendtime=0&tstarttime=0
never mind. Im sorry. The content path wasnt being generated for the hash due to not returning it ! it looks like this now
live/livestream/livestream?127.0.0.1&QD916610KDolfi4nafEiUdOhAiPG2vfVGEOPFpLGWPVSMZPB&tendtime=0&tstarttime=0sha512
class Helper
{
public static function generateWowzaToken(string $streamName, string $clientIP, int $expiry) {
$wowzaContentPath = self::getContentPath($streamName);
$wowzaSecureToken = config('video.wowzaTokenSecret');
$wowzaTokenPrefix = config('video.wowzaTokenPrefix');
$wowzaLiveApp = config('video.wowzaLiveApp');
//$wowzaContentPath = $wowzaLiveApp."/".$streamName."/".$streamName;
//$wowzaSecureTokenStartTime = $wowzaTokenPrefix ."starttime=". time() ;
//$wowzaSecureTokenEndTime = $wowzaTokenPrefix ."endtime=". (time() + $expiry );
$wowzaSecureTokenStartTime = $wowzaTokenPrefix ."starttime=0";
$wowzaSecureTokenEndTime = $wowzaTokenPrefix ."endtime=0";
$hashstr = $wowzaContentPath ."?". $clientIP ."&".$wowzaSecureToken ."&". $wowzaSecureTokenEndTime ."&". $wowzaSecureTokenStartTime;
//$hashstr = $wowzaContentPath ."?". $clientIP ."&".$wowzaSecureToken ."&". $wowzaSecureTokenStartTime ."&". $wowzaSecureTokenEndTime;
print($hashstr);
print(config('video.wowzaHashAlgorithm'));
$hash = hash(config('video.wowzaHashAlgorithm'), $hashstr , true);
$usableHash=strtr(base64_encode($hash), '+/', '-_');
return $wowzaSecureTokenEndTime."&".$wowzaSecureTokenStartTime."&".$wowzaTokenPrefix ."hash=$usableHash";
//$url = $wowzaContentURL ."?". $wowzaTokenPrefix ."=$usableHash";
}
public static function getContentPath(string $streamName) {
return config('video.wowzaLiveApp').'/'.$streamName.'/'.$streamName;
}
}
Ah by mistake – forgot about that. The default is “wowzatoken” and you are using “t”
