EdgeAuth Overview
EdgeAuth tokens are a representation of what a user holding a token is allowed to do with the system. Each token is signed using a pre-shared secret so that the Phenix Platform knows that a verified Customer token service generated the token.
With the assurance that a verified Customer service created the token, the Phenix Platform can make decisions about what the token holder can do. Examples include subscribing to a Channel with a specific ID or Alias, subscribing to any channel that has a specific tag, or publishing to a specific room.
You can easily generate secure digest tokens to use with the Phenix platform by integrating the Phenix EdgeAuth library with your backend solution. We currently provide libraries/SDKs for the following platforms:
- DotNet
- Go
- Java
- Node.js
- PHP
- Python
Workflow
Our workflow restricts access to your streams to only the clients that you explicitly authorize. It is the responsibility of your application to authorize your clients accordingly and provide them with EdgeAuth tokens generated with our EdgeAuth libraries.
The recommended approach is to use our channel and room API and manage access for your users based on channels/rooms.
Using our EdgeAuth libraries you can create tokens:
- To publish to a Channel/Room
- To view a Channel/Room
- To access live streams via HLS/DASH
- Any other type of access. Please contact your primary Phenix technical support contact so we can advise you on the best way to use EdgeAuth tokens for your use case.
In addition, when you create EdgeAuth access tokens you can associate tags with each of them, for example, to map users to your internal accounting system or to generate billing reports for your customers. These tags will be available for filtering and as an output column when you generate usage reports.
Example Channel Viewing Workflow
To grant your users access to your channels:
- You create an EdgeAuth token which is configured to access the channel for each individual user or, alternatively, at your discretion, for groups of users.
- You pass that token from your backend to the user's device.
- Use one of our SDKs to access the channel with the EdgeAuth token.
- Monitor the client-side APIs for when you need to provide a new token to the SDK, for example, when the token has expired.
The integrity of the workflow depends on not disclosing your application secrets to your users. Thus, it is mandatory that all interactions with the EdgeAuth libraries are only performed on trusted devices (e.g., your backend). Please contact us immediately if you believe that your application credentials have been exposed to unauthorized parties.
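The following sketch illustrates the sign-on-backend, verify-on-platform idea behind this workflow. It is an added example, not Phenix code, and it does not reproduce the EdgeAuth token format or library API; the claim names, the HMAC-SHA512 choice and the `issue_token`/`verify_token` helpers are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()

def issue_token(secret, channel, capability, ttl_s, tags=(), now=None):
    """Backend side: sign claims scoped to one channel and one capability."""
    now = time.time() if now is None else now
    claims = {"channel": channel, "cap": capability,
              "exp": int(now) + ttl_s, "tags": list(tags)}
    body = json.dumps(claims, sort_keys=True).encode()
    sig = hmac.new(secret, body, hashlib.sha512).digest()
    return b64url(body) + "." + b64url(sig)

def verify_token(secret, token, channel, capability, now=None):
    """Verifier side: claims if authentic, unexpired and in scope, else None."""
    now = time.time() if now is None else now
    try:
        body_b64, sig_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        sig = base64.urlsafe_b64decode(sig_b64)
    except ValueError:  # wrong part count or malformed base64
        return None
    expected = hmac.new(secret, body, hashlib.sha512).digest()
    # Constant-time comparison; claims are parsed only after this check passes.
    if not hmac.compare_digest(sig, expected):
        return None
    claims = json.loads(body)
    if claims["exp"] <= now:
        return None  # expired: the client must request a fresh token
    if claims["channel"] != channel or claims["cap"] != capability:
        return None  # valid signature, but not for this action
    return claims

if __name__ == "__main__":
    # Constructed secret for the demo; a real one stays in the backend only.
    secret = b"constructed-demo-secret"
    token = issue_token(secret, "channel-1", "subscribe", 60, tags=["user:42"])
    print(verify_token(secret, token, "channel-1", "subscribe"))  # claims dict
    print(verify_token(secret, token, "channel-1", "publish"))    # None
```

Because the signature covers the channel, capability, expiry and tags together, a client holding the token cannot widen its scope or extend its lifetime without the secret.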