Roku Developer Program

Developers and content creators—a complete solution for growing an audience directly.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
rsromeo
Level 7

Registration/Linking Question

Hi -

From what I've read in the forum and the SDK documentation/examples, it looks like I am supposed to dynamically create a unique registration code on my web server. Then once that code is entered on my site, I have to create a unique device token which will be stored in the Roku user's registry. How do you create the device token? Is it just a random number that is x characters long or is it the device's ESN encrypted? If its an encrypted code, how do you encrypt it?

Thanks
0 Kudos
30 Replies
RokuKevin
Level 9

Re: Registration/Linking Question

The device token can be anything you want it to be. You just need it to be unique and associate it with a user account on your site.

A simple guidgen or something similar would server that purpose just fine.

--Kevin
destruk
Level 10

Re: Registration/Linking Question

Or you don't need a device token and simply query the server with the device serial number when the channel loads to get the current subscription status. - you want to do that regardless to see if the user cancelled or not.
0 Kudos
RokuKevin
Level 9

Re: Registration/Linking Question

We do not advise linking via serial number and will ask you to change it if detected when you publish your channel.

The problem we have with that is if the Roku is sold on eBay etc... It would still be associated with the previous owner's account information on your website.

If you store a device token in the registry, a factory reset will delete all registries and therefore device tokens when a new user gets the box. The Roku box would no longer be associated with the previous owner's account information.

It's OK to have the SN identified on your website for identification purposes to the user, but it should not be used for authentication.

--Kevin
0 Kudos
destruk
Level 10

Re: Registration/Linking Question

Good to know. Can you add that recommendation to the SDK publishing and linking pdf? If the ROKU is sold on ebay it will still be associated with the account anyway until the user does a factory reset or the previous owner cancels channels - so the end user will still have to do something. I guess I'm not seeing why it would be a problem to continue to bill the original owner for their subscriptions they agreed to pay for - for their own stupidity? Smiley Wink I'm not worried about 10 boxes being used in different locations, as we don't know if they took the box with them to a hotel. How would you be able to prevent instances like that? Checking the IP Address wouldn't work for a hotel situation either unless you wanted to add a webcam or biometric info through the USB port?
0 Kudos
destruk
Level 10

Re: Registration/Linking Question

Would it be acceptable to use the RegWrite function in generalutils.brs to save the serial number of the device to the roku registry for the channel after it has been successfully linked, and read it back from the registry with regread to send to the authentication server if it exists when the channel loads? That way it can still be checked to see if it's there, indicating the device has been linked, it could also be cleared with a factory reset, and if it doesn't exist then go through the link to new account process as normal? Technically that wouldn't be sending the serial number of the device for authentication, but a copy of the serial number for the device.
0 Kudos
destruk
Level 10

Re: Registration/Linking Question

One more thing. (Sorry) - ROKU controls the channels on the Roku Box Account. All Roku boxes on the same account show the same channels installed for that account. You can go through and remove channels from individual boxes on the same account and eventually they refresh themselves to all have the same stuff on each one - I'm not sure if this is caused by a reset of the box in question, or if it happens during an update to the system, or what, but I've seen it happen before. By 'controls the channels' what I mean is, roku tracks which channels the user has installed, makes sure they are patched to the latest version stored on ROKU's servers for the channel store, basically maintains them, does billing for a few of them where required, and keeps them organized, possibly tracks their display order, etc etc.

The individual channels themselves have their own billing systems and authentication systems on their individual servers - except for the few channels which are billed by ROKU. So, it's possible, without a factory reset, for someone to 'borrow' someone else's paid subscriptions on a roku device and use it at an alternate location provided the registry key exists which is used for the authentication.

So, I guess my real underlying question is - you need to use the serial number as it is to link a box - I just do not see any way around that requirement - it is already unique. How would you go about checking for a factory reset by the end user - which clears all information used for authentication - to automatically unsubscribe them from whatever billing system you are using if that was the only device on their account without accessing the serial number? Could a factory reset be designed to send out a notification method to all the installed channels, and could such notification also be added to the channel removal code on the roku device so that when a channel is uninstalled, all recurring payments would know to stop? Does the ROKU billing service do that?
0 Kudos
kbenson
Level 7

Re: Registration/Linking Question

Us a variation of what you are proposing. Instead of saving the serial in the registry on first run and sending it on link/run to link a player to an account, generate a uuid and store that instead. You will have a way to uniquely link each player to the service, and on factory reset the link is correctly removed.
-- GandK Labs
Check out Reversi! in the channel store!
0 Kudos
TheEndless
Level 9

Re: Registration/Linking Question

destruk, you're way overthinking it. The idea is that you use the Serial Number to identify the device during registration, but actually register it with some unique identifier that you generate, then store that in the registry on the Roku. When the box is factory reset, that unique identifier gets wiped, thus breaking the link.

As for subscriptions being transferred when a box is sold, that's the original owner's responsibility. As a general rule, you should always factory reset a device (Roku or other) before selling it to someone else.
My Channels: http://roku.permanence.com - Twitter: @TheEndlessDev
Instant Watch Browser (NetflixIWB), Aquarium Screensaver (AQUARIUM), Clever Clocks Screensaver (CLEVERCLOCKS), iTunes Podcasts (ITPC), My Channels (MYCHANNELS)
0 Kudos
TheEndless
Level 9

Re: Registration/Linking Question

"destruk" wrote:
Good to know. Can you add that recommendation to the SDK publishing and linking pdf?

It is spelled out pretty clearly in the DeveloperGuide.pdf...
"DeveloperGuide.pdf" wrote:
When using rendezvous style registration and account linking, be sure to store the linking
information in the device registry and not on your servers. We require that users are able
to do a “Factory Reset” and be confident that no personally identifiable information is
associated with the device. This is not possible if you have saved permanent serial
number information on your servers.
My Channels: http://roku.permanence.com - Twitter: @TheEndlessDev
Instant Watch Browser (NetflixIWB), Aquarium Screensaver (AQUARIUM), Clever Clocks Screensaver (CLEVERCLOCKS), iTunes Podcasts (ITPC), My Channels (MYCHANNELS)
0 Kudos