Using Playback Authorization DRM with the Brightcove Player

In this topic, you will learn how to configure Brightcove Player to use Brightcove's Playback Authorization Service.

Introduction

Brightcove's Playback Authorization Service (PAS) offers an extra level of security when using Dynamic Delivery with DRM-protected or HTTP Live Streaming Encryption (HLSe) content. With PAS, license requests will be authenticated using a signed JSON Web Token (JWT). The token is used when requesting the video license, once the video has been loaded to the player and the source has been selected.

This document focuses on using PAS with Brightcove Player. For more information about PAS in general, see the Overview: DRM with Playback Authorization Service document.

Overview

To configuring Brightcove Player to use PAS, pass a token parameter when making the catalog request for the video. The code will be shown in the next section. To be sure you have the pre-requisites to understand the code, the concepts in the following documents will help provide a base on which to build:

Using a token in the catalog parameters

This section details the code needed to configure the player to use PAS. To do this, pass a string token as part of a catalog parameters object, using the property name bcovAuthToken.

This approach will work for both DRM as well as HLSe. The player will detect the type of source being loaded from the Playback API and provide the correct implementation for that source.

This sample implementation code uses the catalog.get() method to request the video while supplying the token (which would need to replace the <BCOV_AUTH_TOKEN> placeholder). Be sure NOT to include the video ID in the <video-js> tag.

<video-js id="myPlayerID"
  data-account="1507807800001"
  data-player="default"
  data-embed="default"
  controls
  data-application-id></video-js>
<script src="//players.brightcove.net/1507807800001/default_default/index.min.js"></script>

<script>
  (function() {
    var myPlayer = videojs.getPlayer('myPlayerID');

    myPlayer.catalog.get({
      type: 'video',
      id: '6015247091001',
      bcovAuthToken: '<BCOV_AUTH_TOKEN>'
    })
      .then(function(videoReturned){
        myPlayer.catalog.load(videoReturned);
      })
      .catch(function(err){
        console.log('err:', err);
      });
  })();
</script>

SSAI configuration

If you are going to use PAS with SSAI, there is one small configuration addition that needs to be done. An addition parameter needs to be added to the catalog parameters object, named adConfigId.

<video-js id="myPlayerID"
  data-account="1507807800001"
  data-player="default"
  data-embed="default"
  controls
  data-application-id></video-js>
<script src="//players.brightcove.net/1507807800001/default_default/index.min.js"></script>

<script>
  (function() {
    var myPlayer = videojs.getPlayer('myPlayerID');

    myPlayer.catalog.get({
      type: 'video',
      id: '6015247091001',
      bcovAuthToken: 'BCOV_AUTH_TOKEN',
      adConfigId: '<YOUR_ADD_CONFIG_ID>'
    })
      .then(function(videoReturned){
        myPlayer.catalog.load(videoReturned);
      })
      .catch(function(err){
        console.log('err:', err);
      });
  })();
</script>

Using a custom implementation

You may be using a custom implementation where you don't have the bcovAuthToken to set the value with the the catalog.get() method request. If you are using your own or a third-party player, you can use one of the following approaches to pass your token into the license request:

  • HTTP header: BCOV-Auth (Not supported for HLSe)
  • Cookie: bcov-auth (Not supported for HLSe)
  • Query parameter: bcov-auth (Only supported for HLSe) Must be appended to the master manifest url, instead of the license url.

Here is an example showing how to set the source.emeHeaders['BCOV-Auth'] attribute on the video object to the token. This inserts the emeHeader on each source AFTER the catalog request.

<video-js id="myPlayerID"
  data-account="1507807800001"
  data-player="default"
  data-embed="default"
  controls
  data-application-id></video-js>
<script src="//players.brightcove.net/1507807800001/default_default/index.min.js"></script>

<script>
  (function() {
    var myPlayer = videojs.getPlayer('myPlayerID');

    myPlayer.catalog.get({
      type: 'video',
      id: '6015247091001'
    })
    .then(function(video){
      sources=video.sources;

      for (let i = 0; i < sources.length; i++) {
        const source = sources[i];

        // Only add the auth token as an eme header for DRM content
        if (BCOV_AUTH_TOKEN && source.key_systems) {
          source.emeHeaders = {
              'BCOV-Auth': BCOV_AUTH_TOKEN
            };
        }
      }
        myPlayer.catalog.load(video);
      })
      .catch(function(err){
        console.log('err:', err);
      });
  })();
</script>