I've set up a simple Azure function to test out Azure Media Services. I'm trying to protect a video I uploaded, but I can't seem to get the JWT right. Here's the simple function code.

    [FunctionName("Test")]
    public static async Task<IActionResult> Run(
        [HttpTrigger(AuthorizationLevel.Anonymous, "get", "post", Route = null)] HttpRequest req,
        ILogger log)
    {
        var expires = DateTimeOffset.UtcNow.AddMinutes(20);
        var securityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("RYhzAnz....VP0uQ==")); // removed full key for brevity
        var credentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256);
        var claims = new List<Claim>
        {
        };

        var token = new JwtSecurityToken("http://test.net/",
            "urn:user",
            claims.AsEnumerable(),
            expires: expires.LocalDateTime,
            signingCredentials: credentials
        );

        return new OkObjectResult(new JwtSecurityTokenHandler().WriteToken(token));
    }

I've filled out the issuer/audience in the token so that it matches what is in my Azure settings.

I've even validated that token on jwt.io, and it verified correctly.

But when I test it out on the Azure Media Player, the response is a 401 with an AuthorizationPolicyEvaluationFailure.

Here's the response from the Azure key delivery service:

    {
      "Error": {
        "Message": "Failed content key policy evaluation.",
        "Code": "AuthorizationPolicyEvaluationFailure"
      }
    }

There are 3 best solutions below

1
On BEST ANSWER

Found out what I was doing wrong. Problem was hidden in plain sight. Issue came down to this line of code.

    Encoding.UTF8.GetBytes("RYhzAnz....VP0uQ==")

This was getting the bytes of the security key, but the security key itself is base64 encoded. I had to change it to this instead.

    System.Convert.FromBase64String("RYhzAnz....VP0uQ==")

I was able to figure this out while debugging the Azure Media Service AES example.

1
On

I think you forgot to put the content key ID in the claims. Your policy probably requests it. Here is the line to add before generating the token:

    claims.Add(new Claim(ContentKeyPolicyTokenClaim.ContentKeyIdentifierClaim.ClaimType, keyIdentifier));
0
On

Commenting out the two lines below helped me sort out this issue.

    RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
    rng.GetBytes(TokenSigningKey);