Networked Media Open Specifications

HOME DOCS

Docs for main

Overview

Prerequisites

JSON Web Tokens (JWT)

Authorization Server Setup

Implementing Authenticated API Calls

Node to Authorization Server Interactions

Node to Registry Interactions (IS-04)

Controller to Authorization Server Interactions

Controller to Registry (IS-04) and Node Interactions (IS-05, IS-08)

Event and Tally Interactions (IS-07)

Validating Access Tokens

Development Resources

VERSIONS

Branches

main

No releases yet

IS

Interface Specifications

IS-04: Discovery & Registration

IS-05: Device Connection Management

IS-07: Event & Tally

IS-08: Audio Channel Mapping

IS-09: System Parameters

IS-10: Authorization

IS-11: Stream Compatibility Management

IS-12: Control Protocol

IS-13: Annotation

IS-14: Device Configuration

BCP

Best Common Practices

BCP-002-01: Natural Grouping

BCP-002-02: Asset Distinguishing Information

BCP-003-01: Secure Communications in NMOS Systems

BCP-003-02: Authorization in NMOS Systems

BCP-003-03: Certificate Provisioning in NMOS Systems

BCP-004-01: Receiver Capabilities

BCP-005-01: EDID to Receiver Capabilities Mapping

BCP-006-01: NMOS With JPEG XS

BCP-006-02: NMOS With H.264

BCP-006-03: NMOS With H.265

BCP-007-01: NMOS With NDI

BCP-008-01: NMOS Receiver Status

MS

Data Model Specifications

MS-04: ID & Timing Model

MS-05-01: NMOS Control Architecture

MS-05-02: AMWA NMOS Control Framework

MS-05-03: AMWA NMOS Control Block Specs

INFO

Informative Documents

INFO-002: Security Implementation Guide

INFO-003: Sink Metadata Processing Architecture

INFO-004: Implementation Guide for DNS-SD

INFO-005: Implementation Guide for NMOS Controllers

INFO-006: Implementation guide for NMOS Device Capabilities Control

REG

Parameter Registers

General Procedures and Criteria

Capabilities

Device Control Types

Device Types

Flow Attributes

Formats

Node Service Types

Sender Attributes

Source Attributes

Tags

Transports

Transport Parameters

F-SETS

Control Feature Sets

Identification

Monitoring

DEVEL

Developer Links

GitHub Repo

API Testing Tool

CI Dashboard

SEARCH

Validating Access Tokens

←Event and Tally Interactions (IS-07) · Index↑ · Development Resources→

There are a number of steps that need to be considered while validating the access token.

• Check that the JWT is well-formed, such as JWT contains three segments, Header, Payload and Signature, separated by period (‘.’) characters. Each segment is Base64url encoded.
• Verify the Signature, using the issuer’s public key, to ensure the token has not been tampered with.
• In event the issuer public key is not known, respond with an HTTP 503 (Service Unavailable) code in order to avoid blocking the incoming authorized request, and fetch the missing public key from the server metadata’s jwks_uri endpoint. The server metadata can be retrieved via the token iss claim as specified in RFC 8414 section 3.
• Check the registered claims, such as token expiration exp and token audience aud.
• Check the private claims, to verify whether it has permission for accessing the API.

If any of these steps fail, then the associated request is not valid.

JWT.io has provided a number of third-party libraries which support the JWT validation for most of the steps described above. However, even using these libraries, the extra step for private claims validation is still necessary for checking the NMOS private claims.

←Event and Tally Interactions (IS-07) · Index↑ · Development Resources→

Documentation built at 04:51:06 CDT on 2024-08-29.
(c) AMWA 2024. RAML/JSON licensed under Apache 2.0. Documentation licensed under CC BY-ND 4.0.