Azion Secure Token is a serverless solution available at Azion Marketplace.
With the help of the Azion Secure Token solution, you can make token-based, time-limited URLs. The creation and validation of signatures for cookies, authentication headers, and other security measures can be done using these tokens, which can be altered in a variety of ways. Utilizing both HLS and Progressive Download, the solution is frequently used to secure video assets, including those used for live streaming and on-demand content.
Getting the solutionSection titled Getting the solution
To use the Secure Token solution provided by Azion Marketplace, you have to:
- Log in to your Real-Time Manager (RTM) account.
- If you don’t have one yet, create an account visiting the sign-up page.
- On the upper-left corner of the page, select Products menu > Marketplace.
- Select the search box and type “secure token” or browse through the cards to find the Secure Token solution.
- Once you’ve found the Secure Token card, select it to go to the solution page.
- On the solution page, look for the Subscribe for section on the bottom-right corner.
- Click the Get It Now button.
You’ll see a message indicating that your solution was successfully installed and is ready to use.
Generating the tokenSection titled Generating the token
In order to use this solution, you’ll have to generate a token. To do so, follow these steps:
- Go to the Azion’s Secure Token GitHub repository.
- In this repository, you’ll find a brief explanation about how the Secure Token is generated and how to use it.
- In the repository, you’ll find two example scripts to generate the tokens, a
PHPscript. You can run them locally and generate the token or you can generate these tokens on your own platform with your own code.
- Save the generated token, whatever may be the way you generated it through.
Note: using the Python script as an example, you’ll have the following source code:
secret= a string of your choice that will be used to generate the token.
uri= the URI to use with the token.
expire= the expiration time of the token.
Using the solutionSection titled Using the solution
Setting up the Edge Firewall ruleSection titled Setting up the Edge Firewall rule
To instantiate the Secure Token solution, follow the steps:
- In the Products menu, select Edge Firewall in the SECURE section.
- Click the Add Rule Set button.
- Give an easy to remember name to your new rule.
- Select the domains you want to protect with the function.
- Turn the Edge Functions switch on.
- Click the Save button.
Done. Now you’ve instantiated the rule for your function.
Setting up the solutionSection titled Setting up the solution
To instantiate the Secure Token solution, while still on the Edge Firewall page, select the Functions tab and follow these steps:
- Click the Add Function button.
- Give an easy-to-remember name to your instance.
- On the dropdown menu, select the Secure Token function.
This action will load the function, showing a form with the function code and, just above it, two tabs: Code and Args. By clicking the Code tab, you’ll be able to navigate through the code but not change it. In the same box, you have another tab: the Args tab. On the Args tab, you’ll pass the secret that you used to generate the token previously.
The Args tab will load a JSON file that looks like this:
secure_token_secret will be the secret string you’ve passed on the code when generating the token on the previous step.
Click the Save button and you’re done. Your Edge Firewall Secure Token solution is instantiated.
Setting up the Rules EngineSection titled Setting up the Rules Engine
To finish, you have to set up the Rules Engine to configure the behavior and the criteria to run the function.
Still in the Edge Firewall page, select the Rules Engine tab and follow these steps:
- Click the New Rule button.
- Give a name to the rule.
- Select a criteria to run and catch the domain you want to run the solution on. For example:
if Hostname is equal xxxxxxxxxxxx.map.azionedge.net/classes.
- Below, select the Run Function behavior to the criteria.
- Select the adequate Secure Token function according to the name you gave it in the instantiate step.
- Click the Save button.
Done. Now the Secure Token solution is running for every request made to the domain you indicated.
Important: Azion Nginx running on edge servers performs two checks on tokens: whether the current time is greater than the expiration time specified in the token, and whether the signature matches the token signature. If the signature is invalid, Nginx returns a 403 error, and if the expiry time is exceeded, it returns a 410 error. Malicious users aren’t able to change token expiry time without breaking signature.