azure encryption JWT playback

Anes Hmida 81 Reputation points

I couldn't be more confused on how to add a JWT token to test if my stream works, I have literally tried everything and it still wouldn't accept my data.

So I tried to create a test JWT from an online token generator ( this one : )

here is the JWT decoded 🥇

    "alg": "HS256",
    "typ": "JWT"

    "iss": "********-***-****-****-******d/",
    "aud": "*******-*****-****-****-********",
    "iat": 1600954213,
    "exp": 1632490213,
    "nbf": 1632490213

"iss" is my .net/tenantID
"aud" is my ad app id

i generate this with my verification key and gives me A VERIFIED token

I then add the same exact data in my content key policy in azure portal token configuration with the same verification key

i generate a new streaming policy with the created token , i take it to the Azure Media Player online , i set in the AES textfield "bearer=myverifiedtoken"

i paste my generated widevine DRM URL over dash with the player open on Chrome i press play and i get an error



Azure Media Services
Azure Media Services
A group of Azure services that includes encoding, format conversion, on-demand streaming, content protection, and live streaming services.
314 questions
0 comments No comments
{count} votes

Accepted answer
  1. Xavier Pouyat 591 Reputation points Microsoft Employee

    Are you playing the stream with Azure Media Player specifying the token using the advanced option?

    You should check that the content key policy does not require the key id to be in the token. It is the case if you see
    "claimType": "urn:microsoft:azure:mediaservices:contentkeyidentifier"
    in the claims of the policy.

    If you are running Windows, you can generate a token with AMSE ( Select the published asset, double click on it, go to content protection, keys and test token tab.

    1 person found this answer helpful.

1 additional answer

Sort by: Most helpful
  1. Xavier Pouyat 591 Reputation points Microsoft Employee

    It looks like you created the content key policy using the Azure Portal, right ? Did you add any specific claim ?
    I ask the question as per default, it looks like the portal add the "iss", "aud" mandatory claims. And "nbf" and "exp" are required. Your token contains "iat" and I wonder if this is not the a claim which creates the issue. Can you remove "iat" ?
    Are your sure the token is signed with the same key that defined in the content key policy ?

    2 people found this answer helpful.