-
Sub-task
-
Resolution: Done
-
Medium
-
None
-
SIMPLY S3 January 21 - Feb 4, SIMPLY S4 February 4 - 18, SIMPLY S5 Feb 18 - March 3, SIMPLY S6 March 3 - March 17, SIMPLY S7 March 17 - March 31, SIMPLY S8 March 31 - April 14, SIMPLY S9 April 14 - 28, SIMPLY S10 April 28 - May 12, SIMPLY S11 May 12 - May 26, SIMPLY S12 May 26 - June 9, SIMPLY S13 June 9 - June 23, SIMPLY S14 June 23 - July 7, SIMPLY S15 July 7 - July 21, SIMPLY S16 July 21 - August 4, SIMPLY S17 August 4 - 18, SIMPLY S18 August 18 - Sep 1, SIMPLY S19 September 1 - 15, SIMPLY 22 Oct 14 - Oct 27, SIMPLY S20 September 15 - 29, SIMPLY S21 Sep 29 - Oct 13, SIMPLY S23 Oct 27 - Nov 10, SIMPLY S24 Nov 10 - 24, SIMPLY S25 Nov 24 - Dec 8, SIMPLY Sprint 26 Dec 8 - 22, SIMPLY S0 Dec 22 - Jan 5, SIMPLY S1 January 5 - 19
From the spec:
Any resource referenced in the `readingOrder` or in the `resources` of a manifest, <strong class="rfc">may</strong> indicate that the URI of the resources requires authentication. In the context of audiobooks distributed by Feedbooks & De Marque, this is expressed using the `encrypted` property and a dedicated `scheme`: `http://www.feedbooks.com/audiobooks/access-restriction`. *Example 3: Resource in the reading order with access restriction* ```json "readingOrder": [ { "href": "http://example.com/chapter1.mp3", "type": "audio/mpeg", "title": "Chapter 1", "duration": 1380, "properties": { "encrypted": { "scheme": "http://www.feedbooks.com/audiobooks/access-restriction", "profile": "https://www.cantookaudio.com" } } } ] ``` When a resource is identified as such, the User Agent <strong class="rfc">must</strong> provide a Bearer Token to obtain a temporary access to the resource. Under the `http://www.feedbooks.com/audiobooks/access-restriction` scheme, the Bearer Token is a JSON Web Token with the following properties: - `iss` <strong class="rfc">must</strong> be set to a unique URI controlled by the User Agent - `sub` <strong class="rfc">must</strong> contain the URI of the resource requested by the User Agent - `jti` <strong class="rfc">must</strong> contain a unique string The JWT <strong class="rfc">must</strong> be signed using HMAC-SHA256 and a secret shared between the distributor and the User Agent. The User Agent can identify which secret should be used by inspecting the `profile` included in the `encrypted` object. The distributor can identify which User Agent is attempting to access a resource by inspecting the issue (`iss`) of the JWT. Upon a successful request, the distributor <strong class="rfc">may</strong> use an HTTP redirect to provide the temporary location of the resource.
To get this to work we need to agree with DPLA/Feedbooks on a shared secret, and let them know the URI we're using as 'iss'.
- clones
-
SIMPLY-2503 Negotiate bearer tokens and use them to fulfill items in the reading order of a Feedbooks audio manifest
- Done