From b7d5891303ebd9dd615ff23a76621c7d8ae34d67 Mon Sep 17 00:00:00 2001 From: Rachel Fitzpatrick Date: Wed, 30 Oct 2024 13:55:05 +1100 Subject: [PATCH 1/3] document restrictions on SST fields --- jwt.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/jwt.md b/jwt.md index 6f7868e..35b9ce0 100644 --- a/jwt.md +++ b/jwt.md @@ -62,4 +62,12 @@ For other tracking examples, read [here](./tracking.md) "iat": 1673600857 } ``` -``` + +## Payload Restrictions + +The following restrictions apply to the payload. + +* The `streamName` is limited to 128 characters. +* The total number of `allowedOrigins` on the SST and the parent subscribe token is limited to 10. The total character count of all `allowedOrigins` may not exceed 200. +* The total number of `allowedIpAddresses` on the SST and the parent subscribe token is limited to 25. +* The `trackingId` is limited to 64 characters. \ No newline at end of file From 59863d32691cd33f8ae0d0196301188ccd4c75d8 Mon Sep 17 00:00:00 2001 From: Rachel Fitzpatrick Date: Tue, 5 Nov 2024 15:31:40 +1100 Subject: [PATCH 2/3] add SST restrictions to code comments --- .../streaming/selfsignjwt/Auth0TokenGenerator.java | 8 ++++---- src/nodejs/node-tokengenerator/TokenGenerator.mjs | 14 +++++++------- src/python/py-token-generator/token_generator.py | 8 ++++---- 3 files changed, 15 insertions(+), 15 deletions(-) diff --git a/src/java/Maven.TokenGenerator/src/main/java/io/dolby/streaming/selfsignjwt/Auth0TokenGenerator.java b/src/java/Maven.TokenGenerator/src/main/java/io/dolby/streaming/selfsignjwt/Auth0TokenGenerator.java index 477240e..1a83017 100644 --- a/src/java/Maven.TokenGenerator/src/main/java/io/dolby/streaming/selfsignjwt/Auth0TokenGenerator.java +++ b/src/java/Maven.TokenGenerator/src/main/java/io/dolby/streaming/selfsignjwt/Auth0TokenGenerator.java @@ -20,11 +20,11 @@ public Auth0TokenGenerator(String hmacAlg) { * Creates a Self Signed JWT using data found in the Master Subscribe Token * @param tokenId The tokenID of the master subscribe token * @param tokenString The actual token string from the master subscribe token. This will be used to sign the Self Signed JWT. - * @param streamName The stream name the SST is eligible for. This should be the stream name from the Master Subscribe Token - * @param allowedOrigins Optional. The Allowed Origins for the Self Signed JWT. - * @param allowedIpAddresses Optional. The allowed IP Addresses allowed for viewing with the Self Signed Token. + * @param streamName The stream name the SST is eligible for. This should be the stream name from the Master Subscribe Token. StreamNames are limited to 128 characters. + * @param allowedOrigins Optional. The Allowed Origins for the Self Signed JWT. Maximum of 10. + * @param allowedIpAddresses Optional. The allowed IP Addresses allowed for viewing with the Self Signed Token. Maximum of 25. * @param expiresIn The expiry time for the Self Signed JWT. - * @param tracking Optional when Master Subscribe Token does not have tracking. This helps track the SST and it's usage. + * @param tracking Optional when Master Subscribe Token does not have tracking. This helps track the SST and it's usage. TrackingId is limited to 64 characters. * @return The Self Signed Token JWT. */ public String createToken(long tokenId, String tokenString, String streamName, List allowedOrigins, List allowedIpAddresses, int expiresIn, Tracking tracking) { diff --git a/src/nodejs/node-tokengenerator/TokenGenerator.mjs b/src/nodejs/node-tokengenerator/TokenGenerator.mjs index 8db6581..5da1fb8 100644 --- a/src/nodejs/node-tokengenerator/TokenGenerator.mjs +++ b/src/nodejs/node-tokengenerator/TokenGenerator.mjs @@ -19,13 +19,13 @@ export default class TokenGenerator { /** * - * @param {number} tokenId - * @param {string} token - * @param {string} streamName - * @param {string[]=} allowedOrigins - * @param {string[]=} allowedIpAddresses - * @param {Tracking} tracking - * @param {?number} [expiresIn = 60] + * @param {number} tokenId - The tokenID of the master subscribe token + * @param {string} token - The actual token string from the master subscribe token. This will be used to sign the Self Signed JWT. + * @param {string} streamName - The stream name the SST is eligible for. This should be the stream name from the Master Subscribe Token. StreamNames are limited to 128 characters. + * @param {string[]=} allowedOrigins - Optional. The Allowed Origins for the Self Signed JWT. Maximum of 10. + * @param {string[]=} allowedIpAddresses - Optional. The allowed IP Addresses allowed for viewing with the Self Signed Token. Maximum of 25. + * @param {Tracking} tracking - Optional when Master Subscribe Token does not have tracking. This helps track the SST and it's usage. TrackingId is limited to 64 characters. + * @param {?number} [expiresIn = 60] - The expiry time for the Self Signed JWT. * @param {?string} customViewerData - Viewer data associated with connections using this token. Max length: 1024 * @returns {string} */ diff --git a/src/python/py-token-generator/token_generator.py b/src/python/py-token-generator/token_generator.py index ae093b5..dbf48bf 100644 --- a/src/python/py-token-generator/token_generator.py +++ b/src/python/py-token-generator/token_generator.py @@ -22,10 +22,10 @@ def create_token(self, token_id: int, token: str, stream_name: str, tracking: Tr :Parameters: - `token_id`: ID to be specified in the token. - `token_string`: Key to use in order to sign the token. - - `stream_name`: Stream name to be specified in the token. - - `allowed_origins`: Origins to be allowed for this token. - - `allowed_ip_addresses`: Origins to be allowed for this token. - - `tracking` : Tracking information + - `stream_name`: Stream name to be specified in the token. Limited to 128 characters. + - `allowed_origins`: Origins to be allowed for this token. Maximum of 10. + - `allowed_ip_addresses`: IP Addresses to be allowed for this token. Maximum of 25. + - `tracking` : Tracking information. TrackingId is limited to 64 characters. - `expires_in`: Number of seconds before token expires. :Returns: From 80079cfebcdf7ccd77f5d3dcfe817b9dc0461820 Mon Sep 17 00:00:00 2001 From: Rachel Fitzpatrick Date: Fri, 14 Feb 2025 14:53:11 +1100 Subject: [PATCH 3/3] revise sst field limits --- jwt.md | 4 ++-- .../io/dolby/streaming/selfsignjwt/Auth0TokenGenerator.java | 2 +- src/nodejs/node-tokengenerator/TokenGenerator.mjs | 2 +- src/python/py-token-generator/token_generator.py | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/jwt.md b/jwt.md index 35b9ce0..0ab2eef 100644 --- a/jwt.md +++ b/jwt.md @@ -68,6 +68,6 @@ For other tracking examples, read [here](./tracking.md) The following restrictions apply to the payload. * The `streamName` is limited to 128 characters. -* The total number of `allowedOrigins` on the SST and the parent subscribe token is limited to 10. The total character count of all `allowedOrigins` may not exceed 200. +* The total number of `allowedOrigins` on the SST and the parent subscribe token is limited to 10. The total character count of all `allowedOrigins` may not exceed 800. * The total number of `allowedIpAddresses` on the SST and the parent subscribe token is limited to 25. -* The `trackingId` is limited to 64 characters. \ No newline at end of file +* The `trackingId` is limited to 128 characters. \ No newline at end of file diff --git a/src/java/Maven.TokenGenerator/src/main/java/io/dolby/streaming/selfsignjwt/Auth0TokenGenerator.java b/src/java/Maven.TokenGenerator/src/main/java/io/dolby/streaming/selfsignjwt/Auth0TokenGenerator.java index 1a83017..9775cad 100644 --- a/src/java/Maven.TokenGenerator/src/main/java/io/dolby/streaming/selfsignjwt/Auth0TokenGenerator.java +++ b/src/java/Maven.TokenGenerator/src/main/java/io/dolby/streaming/selfsignjwt/Auth0TokenGenerator.java @@ -24,7 +24,7 @@ public Auth0TokenGenerator(String hmacAlg) { * @param allowedOrigins Optional. The Allowed Origins for the Self Signed JWT. Maximum of 10. * @param allowedIpAddresses Optional. The allowed IP Addresses allowed for viewing with the Self Signed Token. Maximum of 25. * @param expiresIn The expiry time for the Self Signed JWT. - * @param tracking Optional when Master Subscribe Token does not have tracking. This helps track the SST and it's usage. TrackingId is limited to 64 characters. + * @param tracking Optional when Master Subscribe Token does not have tracking. This helps track the SST and it's usage. TrackingId is limited to 128 characters. * @return The Self Signed Token JWT. */ public String createToken(long tokenId, String tokenString, String streamName, List allowedOrigins, List allowedIpAddresses, int expiresIn, Tracking tracking) { diff --git a/src/nodejs/node-tokengenerator/TokenGenerator.mjs b/src/nodejs/node-tokengenerator/TokenGenerator.mjs index 5da1fb8..c4ea6b7 100644 --- a/src/nodejs/node-tokengenerator/TokenGenerator.mjs +++ b/src/nodejs/node-tokengenerator/TokenGenerator.mjs @@ -24,7 +24,7 @@ export default class TokenGenerator { * @param {string} streamName - The stream name the SST is eligible for. This should be the stream name from the Master Subscribe Token. StreamNames are limited to 128 characters. * @param {string[]=} allowedOrigins - Optional. The Allowed Origins for the Self Signed JWT. Maximum of 10. * @param {string[]=} allowedIpAddresses - Optional. The allowed IP Addresses allowed for viewing with the Self Signed Token. Maximum of 25. - * @param {Tracking} tracking - Optional when Master Subscribe Token does not have tracking. This helps track the SST and it's usage. TrackingId is limited to 64 characters. + * @param {Tracking} tracking - Optional when Master Subscribe Token does not have tracking. This helps track the SST and it's usage. TrackingId is limited to 128 characters. * @param {?number} [expiresIn = 60] - The expiry time for the Self Signed JWT. * @param {?string} customViewerData - Viewer data associated with connections using this token. Max length: 1024 * @returns {string} diff --git a/src/python/py-token-generator/token_generator.py b/src/python/py-token-generator/token_generator.py index dbf48bf..aed2f75 100644 --- a/src/python/py-token-generator/token_generator.py +++ b/src/python/py-token-generator/token_generator.py @@ -25,7 +25,7 @@ def create_token(self, token_id: int, token: str, stream_name: str, tracking: Tr - `stream_name`: Stream name to be specified in the token. Limited to 128 characters. - `allowed_origins`: Origins to be allowed for this token. Maximum of 10. - `allowed_ip_addresses`: IP Addresses to be allowed for this token. Maximum of 25. - - `tracking` : Tracking information. TrackingId is limited to 64 characters. + - `tracking` : Tracking information. TrackingId is limited to 128 characters. - `expires_in`: Number of seconds before token expires. :Returns: