TokenSecret Authentication

TokenSecret Authentication scheme is based on Level3.

Level 3 provide with simple Perl, PHP and CGI scripts to generate tokens Tokens are time limited with two parameters:

    stime = start time (not valid before this time)
    etime = end time (not valid after this time)

The format of these dates are: yyyymmddHHMMSS (eg: 20120424115300) and in UTC (date -u +%Y%m%d%H%M%S) They may be tied to an IP address by adding &ip=1.2.3.4 as an additional parameter (this is not supported by L3 though).

  • Use with Website Acceleration

Enabling Token based authentication for a Website Acceleration Domain by Access Control on the portal or API Create Access Control.

NOTE Authentication will not work on a Website Acceleration Domain that also has a redirection policy. As redirection policy will execute first.

  • Signature Algorithm Example
Basic URL: http://www.sample.com/path/to/resource?clientId=12345&product=A123&otherstuff=xyz

1. Remove protocol and hostname from the hash input leaving:

/path/to/resource?clientId=12345&product=A123&otherstuff=xyz

2. Add the time validity fields (these are required, not optional):

/path/to/resource?clientId=12345&product=A123&otherstuff=xyz&stime=20081201060100&etime=20081201183000

3. Calculate the result to an HMAC-SHA1 hash using the result of step 2 and the secret (generated and displayed in the Portal):

4. Build new URL:

http://www.sample.com/path/to/resource?clientId=12345&product=A123&otherstuff=xyz&stime=200812010601006&etime=20081201100100&encoded=0first20chars-of-hash
  • Example Python

This file should be saved as "get_url_with_auth.py" and usage as per comment in file:

""" 
This was tested with:
    export RESOURCE=/bentest0/benlfd/1cq9tu.jpg?clientId=12345&product=A123&other=xyz&stime=20170101000000&etime=20180101000000
    export SECRET=ibRgcWlEHWgrHfUBrmVTkJylfmFDifsDnvrmFnGZfJAiYSKMnEOhGNQYufhgnFID
    export HTTP_STUBB=http://edge.qa.swiftserve.com

Then the following command was run:
    curl -v "`python get_url_with_auth.py`" >/dev/null

NOTE: 
 For VODs, like /bentest/benvod/big_buck_bunny_480p_H264_AAC_25fps_1800K_short.MP4
 You need to use a RESOURCE something like: 

    export RESOURCE=/vod/bentest0/mp4:benvod/big_buck_bunny_480p_H264_AAC_25fps_1800K_short.MP4/playlist.m3u8?stime=20170101000000&etime=20180101000000

""" 

import hashlib
import hmac
import os

def generate_token(resource,secret_key):
    hmac_builder = hmac.new(secret_key, resource, hashlib.sha1)
    return "0%s" % (hmac_builder.hexdigest()[:20])

encoded = generate_token(os.environ['RESOURCE'], os.environ['SECRET'])
print os.environ['HTTP_STUB'] + os.environ['RESOURCE'] + "&encoded=" + encoded
  • Token encoded string generator

and can also use Swiftfederation portal(Access Control Section) to generate the signature by token secret.

           Updated 2023-09-27 02:27:53

results matching ""

    No results matching ""