Documentation
Community & SupportDashboard

Using custom claims in content key policies

Suggest Edits

In MK.IO, each content policy can be assigned one or more DRM. Multiple content policies can be associated to the same DRM as well. However, in this case, the key server will require some more information to discriminate the right content policy to use.

To achieve that, MK.IOallows defining custom claims in the content policies with token restrictions. Those custom claims will then be compared to the claims in the JWT token to elect the content policy to use.

Content key policies with custom claims are created using the contentKeyPolicies endpoint in MK.IO API.

Below is a sample content policy that adds custom claims to the Widevine policies. 

curl --request PUT \
     --url https://api.io.mediakind.com/api/ams/project_name/contentKeyPolicies/content_policy_name \
     --header 'accept: application/json' \
     --header 'content-type: application/json' \
     --header 'x-mkio-token: "mk.io token" \
     --data '
{
    "properties": {
        "options": [
            {
                "name": "widevine-persistent",
                "restriction": {
                    "issuer": "issuer",
                    "audience": "audience",
                    "@odata.type": "#Microsoft.Media.ContentKeyPolicyTokenRestriction",
                    "restrictionTokenType": "Jwt",
                    "primaryVerificationKey": {
                        "keyValue": "12345678",
                        "@odata.type": "#Microsoft.Media.ContentKeyPolicySymmetricTokenKey"
                    },
                    "requiredClaims": [
                        {
                            "claimType": "persistency",
                            "claimValue": "permanent"
                        }
                    ]
                },
                "configuration": {
                    "@odata.type": "#Microsoft.Media.ContentKeyPolicyWidevineConfiguration",
                    "widevineTemplate": "{}"
                }
            },
            {
                "name": "widevine-2h",
                "restriction": {
                    "issuer": "issuer",
                    "audience": "audience",
                    "@odata.type": "#Microsoft.Media.ContentKeyPolicyTokenRestriction",
                    "restrictionTokenType": "Jwt",
                    "primaryVerificationKey": {
                        "keyValue": "12345678",
                        "@odata.type": "#Microsoft.Media.ContentKeyPolicySymmetricTokenKey"
                    },
                    "requiredClaims": [
                        {
                            "claimType": "persistency",
                            "claimValue": "2hours"
                        }
                    ]
                },
                "configuration": {
                    "@odata.type": "#Microsoft.Media.ContentKeyPolicyWidevineConfiguration",
                    "widevineTemplate": "{}"
                }
            }
        ],
        "description": ""
    }
}
'

Depending on the value for the "persistency" key in the JWT token, MK.IOwill elect the policy to use, either widevine-2h or widevine-persistent.

The content key policy can then be used when preparing the asset for streaming in the Stream Live and VOD assets section

Updated 8 days ago