Name is required.
Email address is required.
Invalid email address
Answer is required.
Exceeding max length of 5KB

Passing custom parameters to Wowza with JW Player 6

We have some videos that are protected with a token based authentication on our Wowza server - this works well with JW Player 5, but attempts to use this with JW Player 6 fail. I have some test URLs:

JW Player 5 with authentication token (works):
http://148.85.1.57/videotest/jwp5_protect.php

JW Player 6 without authentication token in unprotected app (works):
http://148.85.1.57/videotest/jwp6_open.php

JW Player 6 with authetication token (doesn't work):
http://148.85.1.57/videotest/jwp6_protect.php

usually what we need to do is to pass the authentication token as a URL parameter, but clearly I'm making some mistake here. What is the proper way to pass URL parameters to the server using JW Player 6?

10 Community Answers

Up Down

Ethan Feldman

JW Player Support Agent  
0 rated :

Maybe the token needs to be passed in per this? – http://www.longtailvideo.com/support/jw-player/28854/using-rtmp-streaming

Secure Token

The Wowza Media Server includes a feature called Secure Token that is used to protect your streams from downloading. It works by having the player send a token to the server, which is verified before the stream is started. JW Player supports this mechanism, using the RTMP securetoken option:

jwplayer("myElement").setup({
    file: "rtmp://example.com/vod/mp4:myVideo.mp4",
    height: 360,
    image: "/assets/myVideo.jpg",
    rtmp: {
        securetoken: "Kosif093n203a"
    },
    width: 640
});

Note we do not support the option to compile in the securetoken. SWF provides little incremental security over JS (they're both client-side), especially when the JS code is slightly obfuscated.

Up Down

JW Player

User  
0 rated :

We are not using the Secure Token method mentioned here, rather it is more like what is described here:

http://www.wowza.com/forums/content.php?247-How-to-control-access-to-an-HTTP-stream-(cupertinostreaming-smoothstreaming-sanjosestreaming)

Up Down

Ethan Feldman

JW Player Support Agent  
0 rated :

Ok, got it, can you please leave these urls up so we can debug?

Up Down

JeroenW

JW Player Support Agent  
0 rated :

Rob, can you try the following URL for the single RTMP in JW6?

rtmp://stream01.amherst.edu:1935/protected/_definst_/?token=b72e0d8c0fee09620e380f0b7b66fedf/mp4:sand_mandala_video.mp4



The token is part of the application, which is why it's placed before the mp4: part. I don't know if the "/" ends up with the application though, and if that's a problem.

Up Down

JW Player

User  
0 rated :

I have tried putting the token as suggested, but this did not work either.

If I do a packet trace of the session with JW Player 5, I can see the token being sent in the C2 handshake, but do not see this with JW Player 6 with the token after the application or at the end of the resource link.

I have added this configuration to the jw6_protect test page. Also, to aid in troubleshooting, I have set up a persistent token "TESTTOKEN" which does not expire.

Up Down

JeroenW

JW Player Support Agent  
0 rated :

Ah, the definst setting (which should not be needed) is causing issues. We’ll look into changing the internal break-up logic for that. For now though, URLs like this will work for you (just confirmed this):

rtmp://stream01.amherst.edu:1935/protected/?token=TESTTOKENmp4:sand_mandala_video.mp4



*) The "_definst_" part is removed
*) The "/" after the token is removed

Up Down

JW Player

User  
0 rated :

Excellent! I just tried my test page and it works as described. Would this be the same for RTSP too?

Up Down

JeroenW

JW Player Support Agent  
0 rated :

I think so, though JW Player does not support RTSP (Flash and HTML5 don’t support it). I presume you want to use it as a fallback for mobile devices?

Up Down

JW Player

User  
0 rated :

Yes. We are seeing that the Android Jelly Bean devices can't play videos from our site and are hoping to find a solution. Launching the native player on the device seems to work, so maybe some user agent sniffing and replacing the JW Player when the device is a newer Android may be in order.

One follow-up question about the _definst_ problem - is it the underscore that is problematic? We have some applications with underscores in the name.

Up Down

JeroenW

JW Player Support Agent  
0 rated :

The entire “definst” string is triggering something specific in JW Player, which breaks your tokenization. We should disable that behaviour on our side.

As to the RTSP fallback, that indeed sounds like a good idea.

This question has received the maximum number of answers.