millicast · rhfitz · Oct 30, 2024 · Nov 5, 2024 · Feb 14, 2025
diff --git a/jwt.md b/jwt.md
@@ -62,4 +62,12 @@ For other tracking examples, read [here](./tracking.md)
   "iat": 1673600857
 }
 ```
-```
+
+## Payload Restrictions
+
+The following restrictions apply to the payload.
+
+* The `streamName` is limited to 128 characters.
+* The total number of `allowedOrigins` on the SST and the parent subscribe token is limited to 10. The total character count of all `allowedOrigins` may not exceed 800.
+* The total number of `allowedIpAddresses` on the SST and the parent subscribe token is limited to 25.
+* The `trackingId` is limited to 128 characters.
diff --git a/...aven.TokenGenerator/src/main/java/io/dolby/streaming/selfsignjwt/Auth0TokenGenerator.java b/...aven.TokenGenerator/src/main/java/io/dolby/streaming/selfsignjwt/Auth0TokenGenerator.java
@@ -20,11 +20,11 @@ public Auth0TokenGenerator(String hmacAlg) {
      * Creates a Self Signed JWT using data found in the Master Subscribe Token
      * @param tokenId The tokenID of the master subscribe token
      * @param tokenString The actual token string from the master subscribe token. This will be used to sign the Self Signed JWT.
-     * @param streamName The stream name the SST is eligible for. This should be the stream name from the Master Subscribe Token
-     * @param allowedOrigins Optional. The Allowed Origins for the Self Signed JWT.
-     * @param allowedIpAddresses Optional. The allowed IP Addresses allowed for viewing with the Self Signed Token.
+     * @param streamName The stream name the SST is eligible for. This should be the stream name from the Master Subscribe Token. StreamNames are limited to 128 characters.
+     * @param allowedOrigins Optional. The Allowed Origins for the Self Signed JWT. Maximum of 10.
+     * @param allowedIpAddresses Optional. The allowed IP Addresses allowed for viewing with the Self Signed Token. Maximum of 25.
      * @param expiresIn The expiry time for the Self Signed JWT.
-     * @param tracking Optional when Master Subscribe Token does not have tracking. This helps track the SST and it's usage.
+     * @param tracking Optional when Master Subscribe Token does not have tracking. This helps track the SST and it's usage. TrackingId is limited to 128 characters.
      * @return The Self Signed Token JWT.
      */
     public String createToken(long tokenId, String tokenString, String streamName, List<String> allowedOrigins, List<String> allowedIpAddresses, int expiresIn, Tracking tracking) {

diff --git a/src/nodejs/node-tokengenerator/TokenGenerator.mjs b/src/nodejs/node-tokengenerator/TokenGenerator.mjs
@@ -19,13 +19,13 @@ export default class TokenGenerator {
 
   /**
    *
-   * @param {number} tokenId
-   * @param {string} token
-   * @param {string} streamName
-   * @param {string[]=} allowedOrigins
-   * @param {string[]=} allowedIpAddresses
-   * @param {Tracking} tracking
-   * @param {?number} [expiresIn = 60]
+   * @param {number} tokenId - The tokenID of the master subscribe token
+   * @param {string} token - The actual token string from the master subscribe token. This will be used to sign the Self Signed JWT.
+   * @param {string} streamName - The stream name the SST is eligible for. This should be the stream name from the Master Subscribe Token. StreamNames are limited to 128 characters.
+   * @param {string[]=} allowedOrigins - Optional. The Allowed Origins for the Self Signed JWT. Maximum of 10.
+   * @param {string[]=} allowedIpAddresses - Optional. The allowed IP Addresses allowed for viewing with the Self Signed Token. Maximum of 25.
+   * @param {Tracking} tracking - Optional when Master Subscribe Token does not have tracking. This helps track the SST and it's usage. TrackingId is limited to 128 characters.
+   * @param {?number} [expiresIn = 60] - The expiry time for the Self Signed JWT.
    * @param {?string} customViewerData - Viewer data associated with connections using this token. Max length: 1024
    * @returns {string}
    */

diff --git a/src/python/py-token-generator/token_generator.py b/src/python/py-token-generator/token_generator.py
@@ -22,10 +22,10 @@ def create_token(self, token_id: int, token: str, stream_name: str, tracking: Tr
         :Parameters:
         - `token_id`: ID to be specified in the token.
         - `token_string`: Key to use in order to sign the token.
-        - `stream_name`: Stream name to be specified in the token.
-        - `allowed_origins`: Origins to be allowed for this token.
-        - `allowed_ip_addresses`: Origins to be allowed for this token.
-        - `tracking` : Tracking information
+        - `stream_name`: Stream name to be specified in the token. Limited to 128 characters.
+        - `allowed_origins`: Origins to be allowed for this token. Maximum of 10.
+        - `allowed_ip_addresses`: IP Addresses to be allowed for this token. Maximum of 25.
+        - `tracking` : Tracking information. TrackingId is limited to 128 characters.
         - `expires_in`: Number of seconds before token expires.
 
         :Returns: