Preventing Stream Sharing

Owned by JK Phenix
Last updated: May 27, 2022
2 min read

To prevent stream sharing, create and use EdgeAuth tokens that can be used only by specific user sessions (i.e., sessionId-specific EdgeAuth tokens). The session association is made on creation of the EdgeAuth streaming token.

EdgeAuth libraries are the recommended method for generating and issuing EdgeAuth tokens. For legacy and less common workflows, a REST API (now deprecated) can also generate tokens (see https://phenixrts.com/docs/api/). Please contact your primary Phenix technical support contact before implementing a workflow based on the REST API.

Since the session ID must already exist in order to be referenced by the EdgeAuth token for the stream, the following steps must be completed in the order shown.

Instructions

  1. Create an Auth token. The App connects to your EdgeAuth backend and receives the AuthToken.
    Initialize the SDK using withAuthenticationToken and call the TokenBuilder function with the "authenticationOnly" option.

  2. Receive the Auth callback. The App receives the authenticationCallback with the sessionId and authenticates.
    https://phenixrts.com/docs/android/low-level/#connect-and-authenticate
    https://phenixrts.com/docs/ios/low-level/#connect-and-authenticate
    https://phenixrts.com/docs/web/low-level/#connect-and-authenticate

  3. Create a streaming token. Pass the sessionId to the EdgeAuth backend to generate the streaming token.

  4. Use the streaming token to join a channel. This is documented here: 
    https://phenixrts.com/docs/android/#initializing
    https://phenixrts.com/docs/ios/#initializing
    https://phenixrts.com/docs/web/#initializing

In the backend, use the EdgeAuth library's TokenBuilder function to generate the streaming token, with the --sessionId option if using the command line, or "forSession" if calling the function from code.

If you are using ChannelExpress (recommended), you can subscribe to sessionId changes when first obtaining the session ID, for example:

channelExpress.getPCastExpress().getSessionIdObservable().subscribe(function (sessionID) { //check if null if(!sessionID) return // use sessionID to request streamToken here }, {initial: 'notify'});

If using PCastExpress API, use the getPcast method to get access to the low-level API and thus the sessionId: https://phenixrts.com/docs/android/#get-pcast
https://phenixrts.com/docs/ios/#get-pcast
https://phenixrts.com/docs/web/#get-pcast

©2020-2021 Phenix Real Time Solutions, Inc.