Controlling Playback with the Ooyala Player Token
You can authorize playback using the Ooyala Player Token. (Available only if your Ooyala account includes this functionality. To enable Ooyala Player Token, contact your account manager.)
Set the Token Expiration Time. You need to set an expiration time for the Playback Token in your Backlot Syndication tab. Note that this expiration time is independent of the token request expiration time. Its function is to specify how long the token (client-side cookie, issued by Ooyala) will be valid, and it controls the viewer’s access to authorized players for the specified interval. space.
Embed the URL to Issue Authorization. When the crafted token request URL is forwarded to the player, Ooyala’s authorization response will do the following:
- Set a unique cookie on the user’s browser containing the token object.
- Send an authorization/no-authorization decision.
- Playback Authorization. Before the video starts playing, the Ooyala player sends the authentication request and receives the token. When the authorization server validates the URL, it authorizes playing the content. The authorization is in effect until the session expires. If the session expires, the viewer needs to refresh the browser.
Two Types of Expiration Times
- One expiration time on the token request (the URL that will be embedded on the page—adjustable by the provider’s server-side implementation). Use a short expiration time on the URL snippet so that the snippet cannot be replicated across other domains (it can be embedded, but will become nonfunctional).
- The other expiration time on the token object itself (a secure cookie, with its expiry time adjustable through your Backlot account). A longer expiration time may be set (if desirable) on the cookie object, since the Same Origin Policy protects its distribution.
Combining the Ooyala Token with Other Content Authorization Types
- Ooyala's Rights Locker entitlement enforcement system
- Ooyala's device registration system
- A CDN token to prevent unauthorized sharing of a direct link to an Real Time Messaging Protocol (RTMP) stream.
- Encrypted delivery (such as RTMPE or HLS AES Encryption) to prevent recording of a stream.
- DRM Technologies (such as Flash Access) to enforce usage rights on content.