Ensure that the signing key is the same as the key specified in the token restriction

Francis Valbuena 1 Reputation point
2020-09-03T05:29:11.523+00:00

Hi,

I'm using DRM Widevine for my Content Key Policy. I'm having an issue on how do I implement the token to be generated by my nodejs backend to be consumed by my player.

Here is the sample of my error
https://dev-qa-environment.s3.ap-southeast-1.amazonaws.com/media-service/azureplayer.html

When calling the widevine from the player, I get:

Failed content key policy evaluation. Additional information: ↵Policy option 3568952f-b764-4823-b66d-fb06cdcc3629: Token signature verification failed. Ensure that the signing key is the same as the key specified in the token restriction.

Here's my current implementation:
Client page loads -> Asks for token in the backend (NodeJS) -> Backend will connect to azure -> Backend to generate a jwt using issuer, audience and signature (PrimaryVerificationKey from my widevine token restriction) -> Backend sends back to client page the generated token -> client page will use the token as bearer for the widevine license url

Thank you in advance

Azure Media Services
Azure Media Services
A group of Azure services that includes encoding, format conversion, on-demand streaming, content protection, and live streaming services.
317 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Ryan Hill 28,636 Reputation points Microsoft Employee
    2020-09-04T04:22:31.757+00:00

    Hi @Francis Valbuena ,

    Your policy could be failing for any of the following reasons:

    • Missing authentication header.
    • Bad authentication header value.
    • The token has expired.
    • The token contains an invalid signature.
    • Policy misconfiguration

    Check your jwt token to ensure the values are configured correct.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.