Available in Classic and VPC
The following describes JSON Web Token (JWT) authentication required for authentication.
Header
The following is the header configuration.
- alg: hash algorithm used to create the signature
- Support HS256 (HMAC SHA256)
- typ: token type
- Only the JWT format is supported
The following is an example of using the header.
{
"alg": "HS256",
"typ": "JWT"
}
Payload (details)
The following is the payload configuration.
- path: URL path to which the token is applied
- Required value
- * is allowed
- exp: token expiration time (expiration)
- Option value
- NumericDate format <example> unix timestamp
- nbf: token activation time (Not Before)
- Option value
- NumericDate format <example> unix timestamp
- cip: client IP target
- Option value
- CIDR is allowed
The following is an example of using the payload.
{
"path": "/foo/bar/example.mp4",
"exp": 1672455600,
"nbf": 1669258800,
"cip": "192.168.200.0/24"
}
Signature
To create a signature, follow these steps:
-
Encode the header and payload to Base64 URL, respectively.
# as-is { "alg": "HS256", "typ": "JWT" } # to-be {"alg":"HS256","typ":"JWT"} # Base64 URL encoding eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9NoteWhile encoding to Base64 URL, blanks and enter values of JSON are removed.
-
Connect the encoded header to the encoded payload using a period (.) as a separator.
-
Extract a hash value by an algorithm (HMAC SHA256) from the connected string with the secure key.
You can create and validate the signature at https://jwt.io/.
Form of use
The following is the reference for form of use and examples.
- Query Token
- You can request the JWT token by applying it to the query string
- Example
# Query format https://example.com/foo/bar/example.mp4?<JWT token name>=<JWT token> # Example https://example.com/foo/bar/example.mp4?globaledgejwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwYXRoIjoiL2Zvby9iYXIvZXhhbXBsZS5tcDQiLCJleHAiOjE2NzI0NTU2MDAsIm5iZiI6MTY2OTI1ODgwMCwiY2lwIjoiMTkyLjE2OC4yMDAuMC8yNCJ9.65cikBSh0rsrH1-2Q87HSK7v3-KExYe-B1wpaTZTQ2o