问题
I have a media services account and want to stream AES protected Dash content. I want to use the token given by AAD for this purpose. In the key/License authorizarion policy in the Azure portal, I am supplying the following values:
Token issuer: The values of the issuer is different in the token ("iss" claim: https://sts.windows.net/TenantID/) and in the discovery endpoint (https://login.microsoftonline.com/TenantID/v2.0). I have tried both of them separately.
Token scope: Herein, I am supplying the value of the "aud" claim in the token
Primary verification key: Herein, I am supplying the value of the "x5c" in the keys retrieved from the keys discovery endpoint, corresponding to "kid" in the token.
But when I run the code, I am still not able to decrypt the video and getting a 401 in the response to the keydelivery endpoint request.
Am I missing something here ?
回答1:
Got the solution. There is a claim (urn:microsoft:azure:mediaservices:contentkeyidentifier) required in the token. If this claim is not there, we might get 401 unauthorized. Can read more here
回答2:
I'm not sure if this blog post is up to date, but did you already review this blog from George? http://gtrifonov.com/2015/01/03/jwt-token-authentication-in-azure-media-services-and-dynamic-encryption/
If that does not help, I can put you in touch with the AMP player team as well.
来源:https://stackoverflow.com/questions/48315644/azure-media-services-content-protection-using-azure-active-directory-token