Skip to main content

Authentication

Authentication for Vindral is done using the secret provided for you in Vindral Portal and using that secret to sign a JWT with the allowed channel group or channel. An optional expiration can also be set.

The secret provided in the Portal should never be available to users and only be hosted securely on your own server.

The token can then be supplied when creating the Vindral instance—passing the token as authenticationToken in the constructor options.

If the token is close to expiration, you can refresh the token by calling .updateAuthToken(token) on the Vindral instance with an established connection.

Errors will be emitted upon expiration or rejection and can be expected to have AUTHENTICATION_FAILED_CODE or AUTHENTICATION_EXPIRED_CODE as exported by the errors module.

Examples

Example signing a token using jsonwebtoken with Typescript for single channel use

import { sign } from "jsonwebtoken"

const expiresAfterSeconds = 60 * 60 * 2
// Get real secret from customer panel interface
const secret = "75442486-0878-440c-9db1-a7006c25a39f"
const authenticationToken = sign(
  {
    channelId,
    scope: {
      playout: true,
    },
    exp: Math.round(Date.now() / 1000 + expiresAfterSeconds),
  },
  secret
)

Example signing a token using jsonwebtoken with Typescript for use with a channel group

import { sign } from "jsonwebtoken"

const expiresAfterSeconds = 60 * 60 * 2
// Get real secret from customer panel interface
const secret = "75442486-0878-440c-9db1-a7006c25a39f"
const authenticationToken = sign(
  {
    channelGroupId,
    exp: Math.round(Date.now() / 1000 + expiresAfterSeconds),
  },
  secret
)

Example using a token using typescript

const vindral = new Vindral({
  authenticationToken: "your_signed_token",
  url: "https://lb.cdn.vindral.com",
  channelId: "your_channel_id",
})
vindral.on("error", (error) => {
  switch (error.code()) {
    case AUTHENTICATION_FAILED_CODE:
      // Handle failed authentication
      showNotAllowedError()
      break
    case AUTHENTICATION_EXPIRED_CODE: {
      // Handle expired authentication
      const token = getAuthenticationToken()
      vindral.updateAuthenticationToken(token)
      break
    }
    default:
      break
  }
})

Further reading

For examples of libraries and more general information regarding JWT, see this site.