Roku Developer Program

Join our online forum to talk to Roku developers and fellow channel creators. Ask questions, share tips with the community, and find helpful resources.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
tcb256
Visitor

Secure Token Authorization

I had all but given up on my Livestream.com feed ever getting on Roku.  Recently Livestream.com made inroads to access the livestream.com feed.   But in order to gain access to it we must use a Secure Token Authorization method.  It does an MD5 hash on the Account ID & timestamp and passes that back to the server.   I've gotten livestream.com's examples to work but I've not found any recent docs/info on implementing this method into a Roku channel.   

All of Livestream's goodies can be found here:  https://github.com/Livestream/livestream-api-samples/tree/master/api-keys-auth-sample

In the sample above there are about 5 different javascript files that work together in order to get the "Secret API Key" without it being exposed to the world.

I'm hoping a wise and kind soul can point me in the direction I should go to study this out for building it.  Your comments are appreciated!

Thank You,
tcb256
0 Kudos
3 REPLIES 3
belltown
Roku Guru

Re: Secure Token Authorization

You need your own server (running somewhere other than on a Roku device) to generate the secure token by taking the MD5 hash of your API key, the timestamp, and the scope. The server returns the secure token in a response to your client (Roku) request. The client then includes the secure token in the video playback URL.

However...

You could conceivably generate the secure token within your client application (Roku channel). Livestream doesn't want you doing that to prevent a user gaining access to the API key from the client application. But since the Roku is not a web browser, the API key wouldn't be exposed, so I don't see a problem with doing it from within a Roku channel.
0 Kudos
belltown
Roku Guru

Re: Secure Token Authorization

Try something like this (untested) code to get the secure token from within your Roku channel:

Sub Main () 
    timestamp = CreateObject ("roDateTime").AsSeconds ().ToStr ()
    token = generateToken ("secretapikey", "readonly", timestamp)
    Print token
    Stop
End Sub
 
Function generateToken (apiKey As String, scope As String, timestamp As String) As String
    token = ""
    hmac = CreateObject ("roHMAC")
    baKey = CreateObject ("roByteArray")
    baKey.FromAsciiString (apiKey)
    If hmac.Setup ("md5", baKey) = 0
      baMessage = CreateObject ("roByteArray")
      baMessage.FromAsciiString (apiKey + ":" + scope + ":" + timestamp)
      hmac.Update (baMessage)
      baResult = hmac.Final ()
      If baResult.Count () > 0
        token = baResult.ToHexString ()
      End If
    End If
    Return token
End Function
0 Kudos
tcb256
Visitor

Re: Secure Token Authorization

Thank You for Your Support Brother!

I'll work with this code tonight and report back my progress soon.

tcb256
0 Kudos