Generating tokens for content delivered through Akamai's AMD/DD has been a herculean task for customers, because of the overhead and incompatibility issues of setting up and running the Token Generation SDK on the customer's infrastructure. In addition, weak security at the TokenGen endpoint has caused video piracy to spike. Token generation in EdgeWorkers aims to solve these problems while handling the scale and security of token generation.
- Uses JWT tokens to authorize users.
- Uses Akamai's EdgeKV, a key-value database.
- Provides a framework to plug in additional entitlement checks.
Configure the Segmented Media Protection behavior (for AMD/DD/OD) or the Auth Token 2.0 Verification behavior (for web products), along with the encryption key.
To manage keys in EdgeKV, create an EdgeKV namespace and upload the keys. For more about EdgeKV, see Akamai's EdgeKV documentation.
akamai edgekv init
akamai edgekv create ns staging tokenAuth --retention 90 --accountkey B-M-28QYF3M
akamai edgekv write text staging tokenAuth grp1 partner1 "b6e9bb9361116402c8e0ee6de2eb2ec6"
akamai edgekv write text staging tokenAuth grp1 partner2 "9de7fb24dd6811ea87d00242ac130003"
If you do not want to use EdgeKV, you can define the keys for the different partners in the main.js file as a JSON dictionary:
let keySet = {
  partner1: "b6e9bb9361116402c8e0ee6de2eb2ec1",
  partner2: "337b571d2266cb95bb1b42584b14c174",
  partner3: "b6e9bb9361116402c8e0ee6de2eb2ec2",
};
Add the JWT public key set to the main.js file so that incoming JWT tokens can be validated:
// JWT public key set
const jwksPublicKey = {
  kty: "RSA",
  e: "AQAB",
  use: "sig",
  kid: "test-rs256",
  alg: "RS256",
  n: "824A0aqWnPhKBy8PBqvumTJ8QT4QQXVy7ojB2fXUV0YJ3hjXa0S_1L-wScR4fnFCB83stJVl89QGoYwqNzOJOw",
};
tar -czvf tokenAuth.tgz main.js bundle.json rfc4648/* jwt-validator/* crypto-es/* edgekv.js edgekv_tokens.js utils/*
akamai edgeworkers upload --bundle tokenAuth.tgz 6424
akamai edgeworkers activate 6424 STAGING 2.0
akamai edgeworkers activate 6424 PRODUCTION 2.0
Generate the ACL token for partner2. Pass the Authorization header.
Request
curl 'http://token.ageekwrites.tech/tg?tokenFor=partner2' -H 'Connection: keep-alive' -H 'Pragma: akamai-x-ew-debug, akamai-x-ew-debug-rp' --compressed --insecure -H "Host:token.ageekwrites.tech" --verbose -H "Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.fHnA09dGcktdK7cDE3p3aqB1BHBDdmt-DkI3wgk6PZpLEJxCmCsi7DamHdj_rQMMnkVG2YyiSHBQRHqHDLBlZw"
Response
{"tokenvalue":"st=1629452072~exp=1629452372~acl=/*~hmac=d7580c326618a78f12f1b108445468d5fd43ebb6d4e5a99c05ec3be433c02838"}
Generate the URL token for partner2. Pass the Authorization header and the urlpath header.
Request
curl 'http://token.ageekwrites.tech/tg?tokenFor=partner2' -H 'Connection: keep-alive' -H 'Pragma: akamai-x-ew-debug, akamai-x-ew-debug-rp' --compressed --insecure -H "Host:token.ageekwrites.tech" --verbose -H "Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.fHnA09dGcktdK7cDE3p3aqB1BHBDdmt-DkI3wgk6PZpLEJxCmCsi7DamHdj_rQMMnkVG2YyiSHBQRHqHDLBlZw" -H "urlpath:/a/b/c/master.m3u8"
Response
{"tokenvalue":"st=1629452415~exp=1629452715~hmac=d993e363f229bdc78c08516beddd2f9c0ee385cf20dda90d11551a7c99f8ad89"}
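The two responses above share one layout: `st`, `exp`, an optional `acl`, and an `hmac`, with no URL field in the URL token. The following Node.js sketch is an added example, not the project's main.js; it shows how such a token can be built and checked. It assumes the EdgeAuth (Auth Token 2.0) convention of HMAC-SHA256 over the `~`-joined fields with a hex-decoded key, no salt or early escaping, and the names `buildToken`, `verifyToken` and `SAMPLE_KEY` are hypothetical.

```javascript
// Added example, not the project's main.js. Assumes the EdgeAuth (Auth Token 2.0)
// layout: fields joined by "~", HMAC-SHA256 keyed with the hex-decoded key.
const crypto = require("crypto");

// Build "st=..~exp=..[~acl=..]~hmac=..". For a URL token the path is signed
// as "url=<path>" but is not part of the returned token string.
function buildToken({ keyHex, startTime, windowSeconds, acl, url }) {
  if (!/^([0-9a-f]{2})+$/i.test(keyHex)) throw new Error("key must be hex");
  if (Boolean(acl) === Boolean(url)) throw new Error("set exactly one of acl, url");
  const fields = [`st=${startTime}`, `exp=${startTime + windowSeconds}`];
  if (acl) fields.push(`acl=${acl}`);
  const signed = url ? [...fields, `url=${url}`] : fields;
  const hmac = crypto
    .createHmac("sha256", Buffer.from(keyHex, "hex"))
    .update(signed.join("~"))
    .digest("hex");
  return [...fields, `hmac=${hmac}`].join("~");
}

// Verify by rebuilding the token from its own st/exp/acl with the partner key,
// comparing in constant time, then checking the validity window.
function verifyToken(token, { keyHex, now, url }) {
  const parts = Object.fromEntries(
    token.split("~").map((f) => {
      const i = f.indexOf("=");
      return [f.slice(0, i), f.slice(i + 1)];
    })
  );
  const st = Number(parts.st);
  const exp = Number(parts.exp);
  if (!Number.isInteger(st) || !Number.isInteger(exp)) return false;
  if (!parts.acl && !url) return false;
  const expected = Buffer.from(buildToken({
    keyHex, startTime: st, windowSeconds: exp - st,
    acl: parts.acl, url: parts.acl ? undefined : url,
  }));
  const got = Buffer.from(token);
  if (got.length !== expected.length) return false;
  if (!crypto.timingSafeEqual(got, expected)) return false;
  return now >= st && now < exp;
}

// Constructed sample key and times (300 s window, as in the responses above).
const SAMPLE_KEY = "000102030405060708090a0b0c0d0e0f";
const aclToken = buildToken({ keyHex: SAMPLE_KEY, startTime: 1629452072, windowSeconds: 300, acl: "/*" });
const urlToken = buildToken({ keyHex: SAMPLE_KEY, startTime: 1629452415, windowSeconds: 300, url: "/a/b/c/master.m3u8" });
console.log(aclToken, verifyToken(aclToken, { keyHex: SAMPLE_KEY, now: 1629452100 }));
console.log(urlToken, verifyToken(urlToken, { keyHex: SAMPLE_KEY, now: 1629452500, url: "/a/b/c/master.m3u8" }));
```

Because the URL token carries no path, the verifier has to supply the requested path itself, so a token issued for one manifest fails verification against any other path.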