SecureToken - is there any way to force unique "login" authentication
Sorry for my previous question - it was a misunderstanding of the secure token mechanics...
I want to ask if you have any suggestions on how to build an access restriction based on the SecureToken v2 method of authentication. I want to authenticate my users with our own authentication backend and sign Wowza stream addresses for them, but I want to be sure that they are not able to simultaneously access streams using the same credentials.
Can I attach custom authentication data to the signed URL (for example `wowzatokenusername=paluho`) and later check on the Wowza side if there is a running session with the given authentication parameter?
There isn't any way to intercept the secure token workflow; however, you could check the query params separately to see if they are already being used in another session. If someone tries to change your `wowzatokenusername` value manually then it would fail the secure token check anyway.
Where you might have a problem is if the user refreshes the player page and restarts it with the same token values. This would create a new session before the old one times out. The normal secure token checks would pass but your username check would fail until the old session timed out and shut down.
Part of the secure token check is the player IP address, which must match for the player connection to your web page and for the player connection to the Wowza server. Given that most problems are with users sharing links, this catches most cases. If you need to have a more secure approach then you can use the APIs to create your own solution.
If the playback user is using the correct playback URL, with the correct security token, then his playback request will be authorized. However, you could restrict the secure token validity to the Client IP. This way, even if the unauthorized playback user is using the correct playback URL, his IP address won't match the one for which that particular secure token hash was generated.
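
The checks discussed in this thread, modelled in Python as an added example (not part of the original posts and not Wowza's code): a signed URL carrying `wowzatokenusername`, bound to the client IP, plus a per-username session gate that shows the refresh-before-timeout case. HMAC-SHA256 stands in for the real SecureToken v2 hash, and `SECRET`, `SESSION_TIMEOUT`, `sign` and `SessionGate` are hypothetical names with constructed values.

```python
import hashlib
import hmac
from urllib.parse import urlencode, parse_qsl

SECRET = b"constructed-shared-secret"  # placeholder, not a real secret
SESSION_TIMEOUT = 30                   # assumed idle timeout in seconds

def _digest(path, params, client_ip):
    # Stand-in for the SecureToken hash: covers path, sorted params, client IP.
    msg = f"{path}?{urlencode(sorted(params.items()))}&{client_ip}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def sign(path, username, client_ip, endtime):
    """Run by the authentication backend after the user has logged in."""
    params = {"wowzatokenendtime": str(endtime), "wowzatokenusername": username}
    params["wowzatokenhash"] = _digest(path, params, client_ip)
    return f"{path}?{urlencode(params)}"

class SessionGate:
    """Run on the streaming side when a new playback session is created."""
    def __init__(self):
        self.last_seen = {}  # username -> time of last activity

    def heartbeat(self, username, now):
        self.last_seen[username] = now  # call on every segment request

    def admit(self, url, client_ip, now):
        path, _, query = url.partition("?")
        params = dict(parse_qsl(query))
        given = params.pop("wowzatokenhash", "")
        expected = _digest(path, params, client_ip)
        # A changed username or a different client IP alters the digest.
        if not hmac.compare_digest(given.encode(), expected.encode()):
            return "rejected: bad token"
        if now > int(params["wowzatokenendtime"]):
            return "rejected: expired"
        user = params["wowzatokenusername"]
        last = self.last_seen.get(user)
        # Separate username check: one live session per signed username.
        if last is not None and now - last < SESSION_TIMEOUT:
            return "rejected: already streaming"
        self.last_seen[user] = now
        return "ok"
```

A page refresh within `SESSION_TIMEOUT` of the last activity is rejected exactly as a second viewer would be, which is the trade-off described above; a shorter timeout narrows that window.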