Roku Developer Program

Join our online forum to talk to Roku developers and fellow channel creators. Ask questions, share tips with the community, and find helpful resources.
joetesta
Roku Guru

Registration and Authorization questions

Greetings,

I'm developing a roku channel and have the registration with my server working properly based on the registration example, but I have some questions about the next steps.

The registration example doesn't seem to show (nor do any other docs) how to authenticate the registered user. If I'm understanding the example correctly, all the example does is verify that the user has any "RegToken" in the registry. Which leads me to the following questions:

1) Should I change the name of 'RegToken' to something unique to my site?
In other words, is it correct that using the example, anything written in the roku's registry called "RegToken" would grant the user access (regardless of whether the RegToken came from our site, another, or was generated by the user)?
If the user visits multiple sites that all name their keys 'RegToken', would they overwrite each other in the registry?

2) I believe I need to replace the step in the registration example of simply checking for existence of 'RegToken' with the process of:
A) reading the RegToken from the registry, if it doesn't exist, go to registration, if it does:
B) sending it in an HTTP request to the server and
C) checking the response back to make sure this particular RegToken is valid and still authorized

Is this correct, and is there any example of (the BrightScript side of) this post-registration authorization process?

Thank you very much in advance,
joe
aspiring
0 Kudos
10 REPLIES 10
destruk
Binge Watcher

Re: Registration and Authorization questions

The registry is sandboxed for each application based on the application's signed id number. I don't know of a way to get or duplicate that id number without installing the specific application.
If you have more than one channel signed with the same id number then they will be able to use the same registry section, so you'll want to use a separate key for each app. The linking registry token can be the same, as you only have to link once if they are set this way, but the authentication should be separate for each channel so you can tell which channels are registered and which aren't. I think the initial check of the registration token in the example is exactly correct for what it is doing - you would add a second call to validate the registration token somewhere between the "is linked" check and the actual retrieval of the xml files for content population. That's what I do for all my channels anyway and it works just fine.
0 Kudos
joetesta
Roku Guru

Re: Registration and Authorization questions

Thanks destruk!
The registry is sandboxed for each application based on the application's signed id number. I don't know of a way to get or duplicate that id number without installing the specific application.

I haven't gotten past sideloading yet so wasn't familiar with the application signed ids - thanks for that info.

you would add a second call to validate the registration token somewhere between the "is linked" check and the actual retrieval of the xml files for content population. That's what I do for all my channels anyway and it works just fine.

Is there an example of the Brightscript portion of that "second call" somewhere? Is it easy enough to just copy/modify the other reg calls?

thank you!
Joe
aspiring
0 Kudos
destruk
Binge Watcher

Re: Registration and Authorization questions

My current/revised authentication routine is done in four parts, with sufficient pauses between each check to update what the screen displays based on the token received from the server, as a sort of progress report.
Basically, if the roku device hasn't been linked, then it sends the serial number and a request to the server to get a registration code key number to display on the screen.
The roku displays the key and the URL to go to, while the server stores the serial and registration code that was created into a temporary scratch database table on the server.
The user then goes to their computer, to the url specified, creates a user account on the server, (or uses their existing account), and then goes to the link page on the server and types in the code.
The server checks the temporary table for the code, if it matches one that exists, it logs the user id they are signed in with, the code that was entered, and any metrics we are storing for historical reference, and it sends back a 'Hi there I have been linked to this specific account' secret key number to the roku.
The roku stores this secret key number in the islinked section of the registry.

Next, when it has that key number, it then displays something along the lines of "Please subscribe to this channel to access content - here:" with another url which points to our mega-channel database where the end user can pick and choose what channels they want, what they want to unsubscribe from, enter in special promo codes for 6 months free, 1 month free, a free movie poster mailed out on subscription to their address, etc etc etc

When the app notices a second token being returned to the roku at this point, it checks the value returned from the server. If it matches 'cleared for access', then it stores that as the 'authorization token' for said channel name, and then downloads and displays the content xml's.

With those two keys in the roku registry, when you quit and reenter the channel it first checks for something to be in the linked key - and then it checks the authorization key - if the authorization key exists it sends it to the server, the server validates the status, and returns either an "ok", "You must resubscribe", or "you are not authorized". Based on the four possible outcomes (these three + the islinked key) it displays the required screen.

The serial number isn't supposed to be used for authentication of content, but you can use it for tracking, so that's what my code does for it - it uses it only during the linking process and discards it later, save for logging purposes only.

I'm sure other people do this differently - that's just what made the most sense to me. I also have it storing data in the registry for a 'bookmarks' list for played content, and we have the server tracking and logging every show played, how much was watched, etc etc etc. I find it much easier to work on both sides simultaneously - makes for easier testing.


Actual execution is really fast - if it's linked and cleared, then you enter the channel and nearly immediately are presented with the content lists to play. If you enter and are not linked you get the "Please link your roku" screen, if you enter and have cancelled this channel before, it jumps directly to resubscribe, etc etc. I think it's neat.
0 Kudos
joetesta
Roku Guru

Re: Registration and Authorization questions

Thanks very much destruk - this is cool!

if the authorization key exists it sends it to the server, the server validates the status, and returns either an "ok", "You must resubscribe", or "you are not authorized". Based on the four possible outcomes (these three + the islinked key) it displays the required screen.


Basically I'm looking for help with the Brightscript portion of this process. I think I can figure it out from the example code, but a working example would of course save some time!
Currently I'm beating my head against the wall trying to figure out how to get rid of the leafs by tweaking the Brightscript xml parsing over here viewtopic.php?f=34&t=26563#p260286 so anywhere I can save a few hours by finding a working example is always nice 🙂

thanks again, cheers
aspiring
0 Kudos
gonzotek
Visitor

Re: Registration and Authorization questions

"destruk" wrote:
My current/revised authentication routine is done in four parts, with sufficient pauses between each check to update what the screen displays based on the token received from the server, as a sort of progress report.
Basically, if the roku device hasn't been linked, then it sends the serial number and a request to the server to get a registration code key number to display on the screen.
The roku displays the key and the URL to go to, while the server stores the serial and registration code that was created into a temporary scratch database table on the server.
The user then goes to their computer, to the url specified, creates a user account on the server, (or uses their existing account), and then goes to the link page on the server and types in the code.
The server checks the temporary table for the code, if it matches one that exists, it logs the user id they are signed in with, the code that was entered, and any metrics we are storing for historical reference, and it sends back a 'Hi there I have been linked to this specific account' secret key number to the roku.
The roku stores this secret key number in the islinked section of the registry.

Next, when it has that key number, it then displays something along the lines of "Please subscribe to this channel to access content - here:" with another url which points to our mega-channel database where the end user can pick and choose what channels they want, what they want to unsubscribe from, enter in special promo codes for 6 months free, 1 month free, a free movie poster mailed out on subscription to their address, etc etc etc

When the app notices a second token being returned to the roku at this point, it checks the value returned from the server. If it matches 'cleared for access', then it stores that as the 'authorization token' for said channel name, and then downloads and displays the content xml's.

With those two keys in the roku registry, when you quit and reenter the channel it first checks for something to be in the linked key - and then it checks the authorization key - if the authorization key exists it sends it to the server, the server validates the status, and returns either an "ok", "You must resubscribe", or "you are not authorized". Based on the four possible outcomes (these three + the islinked key) it displays the required screen.

The serial number isn't supposed to be used for authentication of content, but you can use it for tracking, so that's what my code does for it - it uses it only during the linking process and discards it later, save for logging purposes only.

I'm sure other people do this differently - that's just what made the most sense to me. I also have it storing data in the registry for a 'bookmarks' list for played content, and we have the server tracking and logging every show played, how much was watched, etc etc etc. I find it much easier to work on both sides simultaneously - makes for easier testing.


Actual execution is really fast - if it's linked and cleared, then you enter the channel and nearly immediately are presented with the content lists to play. If you enter and are not linked you get the "Please link your roku" screen, if you enter and have cancelled this channel before, it jumps directly to resubscribe, etc etc. I think it's neat.
I wish I could rate posts on this board. This would get maximum points if I could! 🙂
Remoku.tv - A free web app for Roku Remote Control!
Want to control your Roku from nearly any phone, computer or tablet? Get started at http://help.remoku.tv
by Apps4TV - Applications for television and beyond: http://www.apps4tv.com
0 Kudos
joetesta
Roku Guru

Re: Registration and Authorization questions

Someday I may revisit this and change to your excellent but more complex strategy, but for now I think this will work for me; maybe it will even help someone else trying to figure this out.
What I've done is to modify the isLinked() Function to check for more than the existence of the RegToken. Now my code sends the RegToken and serial number to a new page (UrlValidate) on the server, which then checks our db to see whether this account should be authorized; not only to check whether his RegToken exists (and matches the serial number, just in case people are able to somehow share these Tokens), but also whether he's an active member of the site.

Function isLinked() As Boolean
    ' m.RegToken is loaded from the registry at startup (as in the SDK registration example)
    if Len(m.RegToken) > 0 then
        ' send the RegToken plus the device serial to the server for validation
        ' (m.UrlValidate should be an https:// URL so the token is not sent in the clear)
        sn = GetDeviceESN()
        http = NewHttp(m.UrlValidate)
        http.AddParam("deviceID", sn)
        http.AddParam("RegToken", m.RegToken)

        rsp = http.Http.GetToString()
        xml = CreateObject("roXMLElement")
        print "GOT: " + rsp
        print "Reason: " + http.Http.GetFailureReason()

        ' expected response body: <result><validate>pass</validate></result>
        ' every failure path returns false; the function is used as a boolean in "if isLinked()"
        if not xml.Parse(rsp) then
            print "Can't parse validation response"
            ShowConnectionFailed()
            return false
        endif

        if xml.GetName() <> "result" then
            Dbg("Bad validate response: ", xml.GetName())
            ShowConnectionFailed()
            return false
        endif

        if islist(xml.GetBody()) = false then
            Dbg("No validation information available")
            ShowConnectionFailed()
            return false
        endif

        ' default to fail so a response without a <validate> element denies access
        validate = "fail"

        ' handle validation of response fields
        for each e in xml.GetBody()
            if e.GetName() = "validate" then
                validate = e.GetBody() ' pass or fail
            endif
        next

        if validate = "" then
            Dbg("Parse yields empty validation result")
            ShowConnectionFailed()
            return false
        endif

        if validate = "pass" then return true
    endif
    return false
End Function


With this, I found that I could back out from the Reg screen and somehow still get to the content without a valid RegToken, so I also changed the displayCategoryPosterScreen function (in appHomeScreen) to look like this, and all is well:

Function displayCategoryPosterScreen(category As Object) As Dynamic
    ' re-check the link/validation right before showing content, so backing out
    ' of the registration screen can no longer reach the poster screen
    if isLinked() then
        if validateParam(category, "roAssociativeArray", "displayCategoryPosterScreen") = false return -1
        screen = preShowPosterScreen(category.Title, "")
        print "attempting to show Poster Screen for " + category.Title
        showPosterScreen(screen, category)
        return 0
    else
        return 1
    end if
End Function
aspiring
0 Kudos
dynamitemedia
Binge Watcher

Re: Registration and Authorization questions

If you're going with a public channel you may want to reconsider this if you're saving the serial, unless I am misunderstanding your usage

viewtopic.php?f=34&t=37499&p=244533&hilit=link+player+serial#p244378
Twitter: iptvmyway facebook: iptvmyay
Channels: Warriors of War, Go Fight Live, Heading Outdoorz, IPTVmyway
0 Kudos
joetesta
Roku Guru

Re: Registration and Authorization questions

If you're going with a public channel you may want to reconsider this if you're saving the serial, unless I am misunderstanding your usage


From the post you linked, it seems like storing the serial number is OK, as long as we don't use the serial number for linking (granting access) and instead use the unique RegToken that gets cleared from the device upon factory reset.

from RokuKevin in the post you linked:
It's OK to have the SN identified on your website for identification purposes to the user, but it should not be used for authentication.


I'm creating a unique regToken and also saving the serial as well. The unique regToken is used for linking and the serial is just an additional check to prevent sharing of regTokens. If the user does a factory reset, they will no longer be linked / have access to our service. A new user with the device will not be able to access our service until they register. Even though we have the serial in our database, we never select where serial = sn, we select the serial where regToken = regToken to make sure that incoming reg Token belongs to that roku device. Is this wrong?
aspiring
0 Kudos
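Added example, not code from any participant in this thread and not the Roku SDK's registration sample: a small Python stand-in for the server side of the flow destruk describes (serial in, link code on screen, temporary scratch table, secret token handed back to the device) and of the validate call joetesta's isLinked() makes (look the record up by RegToken, then confirm the serial matches, then check membership). The in-memory dictionaries, the 15-minute code lifetime, the six-character code alphabet, the method names and the pass / resubscribe / fail response values are all assumptions; the XML shape matches what the BrightScript above parses.

```python
# Added illustrative example: server side of a Roku link / validate flow.
# Not the Roku SDK sample and not any forum participant's server code.
# Storage is an in-memory stand-in for the "temporary scratch table" and the
# account database; names, TTL and response values are assumptions.
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple
from xml.etree import ElementTree as ET

CODE_TTL_SECONDS = 15 * 60                          # assumed lifetime of a displayed link code
CODE_ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"  # no 0/O or 1/I, easier to type from a TV screen


def _token_hash(token: str) -> str:
    # Only a hash of the secret is stored; a leaked link table yields no usable tokens.
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


@dataclass
class Account:
    user_id: str
    active: bool = True  # active member / subscription on the site


@dataclass
class LinkServer:
    accounts: Dict[str, Account] = field(default_factory=dict)
    # code -> (serial, issued_at): the temporary table for codes currently on screen
    pending: Dict[str, Tuple[str, float]] = field(default_factory=dict)
    # code -> (serial, plaintext token) waiting for the device's next poll (single pickup)
    pickup: Dict[str, Tuple[str, str]] = field(default_factory=dict)
    # token hash -> (serial, user_id): the persistent link record
    links: Dict[str, Tuple[str, str]] = field(default_factory=dict)

    def request_code(self, serial: str, now: float) -> str:
        """Unlinked device sends its serial and receives a short code to display."""
        code = "".join(secrets.choice(CODE_ALPHABET) for _ in range(6))
        self.pending[code] = (serial, now)
        return code

    def link(self, user_id: str, code: str, now: float) -> bool:
        """Signed-in user types the code on the website; binds the device to the account."""
        code = code.strip().upper()
        entry = self.pending.get(code)
        if entry is None or user_id not in self.accounts:
            return False
        serial, issued_at = entry
        del self.pending[code]                      # a code is consumed whether or not it is still valid
        if now - issued_at > CODE_TTL_SECONDS:
            return False
        token = secrets.token_urlsafe(32)           # the RegToken the device will keep in its registry
        self.links[_token_hash(token)] = (serial, user_id)
        self.pickup[code] = (serial, token)
        return True

    def poll(self, serial: str, code: str) -> Optional[str]:
        """Device polls with the code it is showing; the token is handed out exactly once."""
        entry = self.pickup.get(code.strip().upper())
        if entry is None or not hmac.compare_digest(entry[0], serial):
            return None
        del self.pickup[code.strip().upper()]
        return entry[1]

    def validate(self, serial: str, token: str) -> str:
        """Launch-time check: select by token, then confirm the serial it was bound to."""
        rec = self.links.get(_token_hash(token))
        if rec is None:
            return "fail"
        bound_serial, user_id = rec
        if not hmac.compare_digest(bound_serial, serial):
            return "fail"                           # token presented from a different device
        acct = self.accounts.get(user_id)
        if acct is None:
            return "fail"
        return "pass" if acct.active else "resubscribe"


def render_result(validate: str) -> str:
    """Build the <result><validate>...</validate></result> body the channel code parses."""
    root = ET.Element("result")
    ET.SubElement(root, "validate").text = validate
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    srv = LinkServer(accounts={"alice": Account("alice")})
    code = srv.request_code("SN-CONSTRUCTED-1", now=1000.0)   # constructed serial
    print("on screen:", code)
    srv.link("alice", code, now=1060.0)
    token = srv.poll("SN-CONSTRUCTED-1", code)
    print(render_result(srv.validate("SN-CONSTRUCTED-1", token)))
    print(render_result(srv.validate("SN-OTHER", token)))
```

The serial is never used as a lookup key; it only has to agree with the serial recorded at link time, which is the check joetesta describes. Tokens are random, stored hashed, delivered once, and a factory reset that wipes the registry leaves the server record orphaned rather than granting anything to the next owner.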
TheEndless
Channel Surfer

Re: Registration and Authorization questions

"joetesta" wrote:
Is this wrong?

Nope. Sounds like you're doing it exactly right.
My Channels: http://roku.permanence.com - Twitter: @TheEndlessDev
Instant Watch Browser (NetflixIWB), Aquarium Screensaver (AQUARIUM), Clever Clocks Screensaver (CLEVERCLOCKS), iTunes Podcasts (ITPC), My Channels (MYCHANNELS)
0 Kudos