Nonstop Brightscript SDK

Playing Content Nonstop

In order to play content Nonstop the client app should pass additional values to the EIA Entitlement and EIA Ads services.

There is one additional parameter:

  • cbp_token - An encrypted JWT Access token to pass through to EIA Services

Access Tokens (cbp_token)

EIA Services require an Access Token to be sent to validate requests to stream with the reduced ad load. Access Tokens will be provided on call-backs or results from SDK methods that can instruct the client to play Nonstop.

These are:

The Access Token is generated Server Side using the following approach:

  1. The backend runs through all of the validation and business logic to determine that the requested Content is indeed available for the user to watch Nonstop this includes:
    • Does the user exist?
    • Does the content exist?
    • Is this content available to watch Nonstop?
    • Is the number of points the user is trying to use for the content correct?
    • Does the user have enough points to use to watch this Nonstop?
    • Has the user previously purchased this content?
    • Is the purchase within the grace period?
  2. If an Access Token is required the Nonstop server gets a Secret from Azure Key Vault and uses it to create an X509Certificate
  3. A Security Token Descriptor is created containing two claims
    1. The Users External ID as the Name claim
    2. A "cbp" claim with a value of 1
  4. The expiry on the token is set to 60 seconds from creation
  5. The issuer is set as "nonstop"
  6. The token descriptors SigningCredentials are set to use the X509Certificate to create an X509SecurityKey with an RsaSha256Signature
  7. This is converted into a JWT Security Token
  8. This is converted to a string
  9. This is returned to the Client SDK along with the instruction to play Nonstop
  10. The Client app should send the token to the player framework using the "cbp_token" parameter
  11. These services can decrypt the Access Token using the reverse of the process above
  12. Once decrypted, the Expires data should be tested for recency. All signed requests should be received within 60 seconds.
  13. Once decrypted, the cbp claim should be tested for a value of 1
  14. If the request does not validate the service can either drop back to a standard Ad load or return an error
In this document
Go to top