I’m trying to generate tokens. I wish it was simple like PEM certificate JWT tokens which is more secure than salt secret key based tokens.

My helper method looks like this so far

public static function generateWowzaToken(string $streamName, string $clientIP, int $expiry) {

    $wowzaContentPath = self::getContentPath($streamName);

    $wowzaSecureToken = config('video.wowzaTokenSecret');
    $wowzaTokenPrefix = config('video.wowzaTokenPrefix');
    $wowzaLiveApp = config('video.wowzaLiveApp');
    //$wowzaContentPath = $wowzaLiveApp."/".$streamName."/".$streamName;
    $wowzaSecureTokenStartTime = $wowzaTokenPrefix  ."starttime=". time() ;
    $wowzaSecureTokenEndTime = $wowzaTokenPrefix  ."endtime=". (time() + $expiry );
    $hashstr = $wowzaContentPath ."?". $clientIP ."&".$wowzaSecureToken ."&". $wowzaSecureTokenEndTime ."&". $wowzaSecureTokenStartTime;


    $hash = hash(config('video.wowzaHashAlgorithm'), $hashstr , true);

    $usableHash=strtr(base64_encode($hash), '+/', '-_');
    return $wowzaSecureTokenEndTime."&".$wowzaSecureTokenStartTime."&".$wowzaTokenPrefix ."hash=$usableHash";
    //$url = $wowzaContentURL ."?". $wowzaTokenPrefix ."=$usableHash";
}

And generates urls like

/live/livestream/livestream/playlist.m3u8?tendtime=1720999771&tstarttime=1720999471&thash=jY-nlnk-JEPsN7b-ASArtkdRvKUj6_ggIVwtcVd21VY73v9f9FxLpM9R4VNKAovCnGHuoQslF6gQktkp5xSysw==

Wowza isn’t accepting the connection and all I get is a log like this without an indication what the problem is

HTTPStreamerAdapterCupertinoStreamer.onPlaylist[live/livestream/livestream/playlist.m3u8?tendtime=1720999771&tstarttime=1720999471&thash=jY-nlnk-JEPsN7b-ASArtkdRvKUj6_ggIVwtcVd21VY73v9f9FxLpM9R4VNKAovCnGHuoQslF6gQktkp5xSysw==]: Session not accepted[1788740773]

My test token server config looks like

Screenshot 2024-07-15 0947201023×1370 77.5 KB

There are some Application level properties that might give you more info. All boolean. Set them to true

securityDebugLogRejections
securityDebugLogDetails

Also my remembrance of Secure Token is the tokens need to be starttime, endtime, etc. You seem to be using different URL params

ScottK
Streaming Video Consultant
scott@blankcanvas.video

Its really bonkers and confusing. Its alphabetical order therefore endtime then starttime. Many code examples do the same. A test tool to generate tokens might have been helpful. Ill try those log configs thanks.

I don’t think the order matters but looks like you have different named params. (tstarttime versus and starttime)

It gives me this. The hash created is different but not explaining what its using for hashing
[live/livestream]ModuleCoreSecurity:hashCalculated: HK_0tcXAcK41K-26OLgAP-

hashed: live/livestream/livestream?127.0.0.1&QD916610KDolfi4nafEiUdOhAiPG2vfVGEOPFpLGWPVSMZPB&tendtime=0&tstarttime=0

[live/livestream]SecureTokenDef:Hash o9YEfaZhWbYWHb-hbSpXvvvUdG8jWm9lACrLwxNq62IQxJ1HPADcBoC27z5X7rff-qFo9M9RhldYi8fqt_ojvQ==, doesn’t match hash calculated, HK_0tcXAcK41K-26OLgAP-E3TpjpfLATYHpn0jvC2_USyHZwL6daJm9oagauh_mUdneEB4dtlJJ2dfIzn5S0bw==

tstarttime is the token prefix of t and starttime. That is also what it’s hashing. My side is the same hashing path.

live/livestream/livestream?127.0.0.1&QD916610KDolfi4nafEiUdOhAiPG2vfVGEOPFpLGWPVSMZPB&tendtime=0&tstarttime=0

never mind. Im sorry. The content path wasnt being generated for the hash due to not returning it ! it looks like this now

live/livestream/livestream?127.0.0.1&QD916610KDolfi4nafEiUdOhAiPG2vfVGEOPFpLGWPVSMZPB&tendtime=0&tstarttime=0sha512

class Helper
{
public static function generateWowzaToken(string $streamName, string $clientIP, int $expiry) {

    $wowzaContentPath = self::getContentPath($streamName);

    $wowzaSecureToken = config('video.wowzaTokenSecret');
    $wowzaTokenPrefix = config('video.wowzaTokenPrefix');
    $wowzaLiveApp = config('video.wowzaLiveApp');
    //$wowzaContentPath = $wowzaLiveApp."/".$streamName."/".$streamName;
    //$wowzaSecureTokenStartTime = $wowzaTokenPrefix  ."starttime=". time() ;
    //$wowzaSecureTokenEndTime = $wowzaTokenPrefix  ."endtime=". (time() + $expiry );
    $wowzaSecureTokenStartTime = $wowzaTokenPrefix  ."starttime=0";
    $wowzaSecureTokenEndTime = $wowzaTokenPrefix  ."endtime=0";
    $hashstr = $wowzaContentPath ."?". $clientIP ."&".$wowzaSecureToken ."&". $wowzaSecureTokenEndTime ."&". $wowzaSecureTokenStartTime;
    //$hashstr = $wowzaContentPath ."?". $clientIP ."&".$wowzaSecureToken ."&". $wowzaSecureTokenStartTime ."&". $wowzaSecureTokenEndTime;

    print($hashstr);
    print(config('video.wowzaHashAlgorithm'));
    $hash = hash(config('video.wowzaHashAlgorithm'), $hashstr , true);

    $usableHash=strtr(base64_encode($hash), '+/', '-_');
    return $wowzaSecureTokenEndTime."&".$wowzaSecureTokenStartTime."&".$wowzaTokenPrefix ."hash=$usableHash";
    //$url = $wowzaContentURL ."?". $wowzaTokenPrefix ."=$usableHash";
}

public static function getContentPath(string $streamName) {
    return config('video.wowzaLiveApp').'/'.$streamName.'/'.$streamName;
}

}

Ah by mistake – forgot about that. The default is “wowzatoken” and you are using “t”