首页 > 解决方案 > Amazon IVS URL 身份验证令牌

问题描述

我无法让这个 URL 签名在 Amazon IVS 上通过验证。我使用的是 https://github.com/lcobucci/jwt 这个包，需要生成 ES384 签名来保护我的直播流。

这是我的代码

 /**
 * Attempt to append a signed playback token to an Amazon IVS playback URL.
 *
 * As written, the value returned in the "token" query parameter is only the
 * hex-encoded signature: it has no header or payload segment and no "."
 * separators. The page reports that the service rejects it with
 * error_code "invalid_playback_auth_token".
 *
 * @param string $playbackUrl Playback URL the token is appended to.
 * @param string $channelArn  Channel ARN placed in the "aws:channel-arn" claim.
 * @return string The playback URL followed by "?token=<hex string>".
 */
private function _signUrl($playbackUrl, $channelArn){
    // Built here, but only the array values are used below (via implode); it is never JSON-encoded.
    $header = [
        "alg" => "ES384",
        "typ" => "JWT"
    ];
    
    // Claims: the channel ARN and an expiry three days from now.
    $payload = [
        "aws:channel-arn" => $channelArn,
       // "aws:access-control-allow-origin" => "<your-website>",
        "exp" => \Carbon\Carbon::now()->addDays(3)->timestamp
    ];

    $signer = new \Lcobucci\JWT\Signer\Ecdsa\Sha384();
    
    // NOTE(review): the signing key is a literal in source and is published with this
    // listing, so it should be treated as disclosed; sign with a key that is kept
    // outside the code base (configuration or a secret store) instead.
    $privateKey = InMemory::plainText("
-----BEGIN EC PRIVATE KEY-----
MIGkAgEBBDDuRdOUNt1lb0OHoDioTKRVOoRYqvyRnjCBZydC9kG7eb1pb0E3r+Wq
6jUEx9Zs1xWgBwYFK4EEACKhZANiAATsETeLPGzsREFHl/K9WFuLMrLazwH64de0
TOgMK9VqCseILxAJVtIuwN/jmBBFLUwe/MdVXpxPzgp60KTVNOqRla73oVdhYOHA
nevl9sJSns1fN3pMsf2TmXBX/B7/O2g=
-----END EC PRIVATE KEY-----
");
    
    // implode() without a separator joins only the array VALUES ("ES384JWT", and the ARN
    // followed by the timestamp), so the keys are lost and no JSON is produced. The two
    // results are encoded with the standard Base64 alphabet and concatenated with no "."
    // between them.
    $base64Encoded = (base64_encode(implode($header)).base64_encode(implode($payload)));
    $sign = $signer->sign($base64Encoded, $privateKey);
    
    // Only the signature, hex-encoded, becomes the token; the signed input is not included.
    $token = bin2hex($sign);
    
    return "{$playbackUrl}?token={$token}";
}

访问该 URL 时返回如下错误：

错误“播放验证令牌格式错误”，error_code 为“invalid_playback_auth_token”

标签: php amazon-web-services url encryption pem

解决方案


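您需要使用专为 URL 设计的 Base64 编码/解码变体（base64url）。令牌必须是标准的 JWT 格式：先把头部和载荷分别转成 JSON 并做 base64url 编码，用“.”连接后对这个字符串签名，再把签名同样做 base64url 编码后追加在末尾；原代码用 implode 和 bin2hex 拼出的字符串不符合这一格式。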

  if (!function_exists('base64url_encode')) {
    /**
     * Encode a string as unpadded Base64URL.
     *
     * Standard Base64 output is rewritten to the URL-safe alphabet
     * ("+" becomes "-", "/" becomes "_") and trailing "=" padding is removed,
     * so the result can be placed in a URL or used as a JWT segment as-is.
     *
     * @param string $data Raw bytes to encode.
     * @return boolean|string The Base64URL text, or FALSE if base64_encode() reports failure.
     */
    function base64url_encode($data)
    {
      $standard = base64_encode($data);

      // Pass a failure through unchanged rather than transforming it.
      if ($standard === false) {
        return false;
      }

      // Map the two URL-unsafe characters, then strip the padding.
      $urlSafe = strtr($standard, ['+' => '-', '/' => '_']);

      return rtrim($urlSafe, '=');
    }
  }

if (!function_exists('base64url_decode')) {
    /**
     * Decode a Base64URL string back to the original bytes.
     *
     * Only "-" and "_" are translated back to "+" and "/"; no padding is
     * re-added, and "+" or "/" already present in the input pass through
     * unchanged, so standard-alphabet input is accepted as well.
     *
     * With $strict left at false, base64_decode() skips characters outside
     * the Base64 alphabet instead of failing; pass true when the input is an
     * untrusted token segment so malformed data is rejected.
     *
     * @param string  $data   Base64URL text.
     * @param boolean $strict Forwarded to base64_decode() as its strict flag.
     * @return boolean|string The decoded bytes, or FALSE when base64_decode() fails.
     */
    function base64url_decode($data, $strict = false)
    {
        $standardAlphabet = strtr($data, ['-' => '+', '_' => '/']);

        return base64_decode($standardAlphabet, $strict);
    }
}

下面是更新后的完整函数

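   /**
     * Build a playback URL carrying an ES384-signed JWT for an Amazon IVS channel.
     *
     * The token is assembled by hand as
     *   base64url(header JSON) . "." . base64url(payload JSON) . "." . base64url(signature)
     * where the signature is computed over the first two dot-joined segments.
     * Relies on the global helper base64url_encode() being defined.
     *
     * @param string $playbackUrl Playback URL the token is appended to.
     * @param string $channelArn  Channel ARN placed in the "aws:channel-arn" claim.
     * @return string The playback URL with a "token" query parameter added.
     * @throws \RuntimeException If the header or payload cannot be JSON-encoded.
     */
    private function _signUrl($playbackUrl, $channelArn){
        $signer = new \Lcobucci\JWT\Signer\Ecdsa\Sha384();

        // NOTE(review): the signing key is a literal in source and is published with this
        // listing, so it should be treated as disclosed. Generate a new key pair for real
        // use and load the private half from configuration or a secret store, not from code.
        $privateKey = InMemory::plainText("
-----BEGIN EC PRIVATE KEY-----
MIGkAgEBBDDuRdOUNt1lb0OHoDioTKRVOoRYqvyRnjCBZydC9kG7eb1pb0E3r+Wq
6jUEx9Zs1xWgBwYFK4EEACKhZANiAATsETeLPGzsREFHl/K9WFuLMrLazwH64de0
TOgMK9VqCseILxAJVtIuwN/jmBBFLUwe/MdVXpxPzgp60KTVNOqRla73oVdhYOHA
nevl9sJSns1fN3pMsf2TmXBX/B7/O2g=
-----END EC PRIVATE KEY-----
");

        $header = [
            "alg" => "ES384",
            "typ" => "JWT"
        ];

        // Claims: the channel the token is valid for and an expiry three days from now.
        $payload = [
            "aws:channel-arn" => $channelArn,
            "exp" => \Carbon\Carbon::now()->addDays(3)->timestamp
        ];

        $segments = [];
        foreach ([$header, $payload] as $part) {
            $json = json_encode($part);

            // json_encode() returns false on failure (e.g. invalid UTF-8 in the ARN);
            // without this check an empty segment would be signed and returned.
            if ($json === false) {
                throw new \RuntimeException(
                    'Unable to JSON-encode playback token segment: ' . json_last_error_msg()
                );
            }

            $segments[] = base64url_encode($json);
        }

        // The signing input is exactly "<header>.<payload>".
        $token = implode('.', $segments);
        $signPart = $signer->sign($token, $privateKey);
        $tokenComplete = $token . '.' . base64url_encode($signPart);

        // Use "&" when the playback URL already has a query string, so the existing
        // query is not corrupted by a second "?".
        $separator = strpos($playbackUrl, '?') === false ? '?' : '&';

        return "{$playbackUrl}{$separator}token={$tokenComplete}";
    }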
