Networked Media Open Specifications

Testing IS-10 Authorization

←Usage - Testing BCP-003-01 TLS · Index↑ · Usage - Testing of SDP Files→

When testing IS-10 / BCP-003-02 implementations, there are a number of configuration parameters which need to be set correctly to match your environment. ENABLE_AUTH should be set to True, then each of the parameters which begins AUTH_ should be considered to ensure it is set correctly.

Each of the specification test suites can be run in authorized mode where applicable. When this is enabled, every request which is made

by the testing tool will include a JSON Web Token which should grant is access to the API. If you receive authorization errors then this may indicate an issue with the implementation or a configuration error in the testing tool.

Test suites which include ‘mocks’, most notably the IS-04 Node tests (which include a mock registry) also require valid authorization tokens to be presented to them when ENABLE_AUTH is used.

Note that whilst the testing tool does not prevent authorization testing from being carried out with ENABLE_HTTPS turned off, this is for debugging purposes only. Production environments must never use authorization without TLS, and must never share their token generation keys with this testing tool.

←Usage - Testing BCP-003-01 TLS · Index↑ · Usage - Testing of SDP Files→