  1. SimplyE 2.0
  2. SIMPLY-2301 Implement DPLA Audiobooks in Android interface
  3. SIMPLY-2508

Negotiate bearer tokens and use them to fulfill items in the reading order of a Feedbooks audio manifest


    • Type: Sub-task
    • Resolution: Done
    • Priority: Medium
    • 5.1.0 (Android)
    • Android
    • SIMPLY S3 January 21 - Feb 4, SIMPLY S4 February 4 - 18, SIMPLY S5 Feb 18 - March 3, SIMPLY S6 March 3 - March 17, SIMPLY S7 March 17 - March 31, SIMPLY S8 March 31 - April 14, SIMPLY S9 April 14 - 28, SIMPLY S10 April 28 - May 12, SIMPLY S11 May 12 - May 26, SIMPLY S12 May 26 - June 9, SIMPLY S13 June 9 - June 23, SIMPLY S14 June 23 - July 7, SIMPLY S15 July 7 - July 21, SIMPLY S16 July 21 - August 4, SIMPLY S17 August 4 - 18, SIMPLY S18 August 18 - Sep 1, SIMPLY S19 September 1 - 15, SIMPLY 22 Oct 14 - Oct 27, SIMPLY S20 September 15 - 29, SIMPLY S21 Sep 29 - Oct 13, SIMPLY S23 Oct 27 - Nov 10, SIMPLY S24 Nov 10 - 24, SIMPLY S25 Nov 24 - Dec 8, SIMPLY Sprint 26 Dec 8 - 22, SIMPLY S0 Dec 22 - Jan 5, SIMPLY S1 January 5 - 19

      From the spec:

      Any resource referenced in the `readingOrder` or in the `resources` of a manifest, **may** indicate that the URI of the resources requires authentication.
      In the context of audiobooks distributed by Feedbooks & De Marque, this is expressed using the `encrypted` property and a dedicated `scheme`: `http://www.feedbooks.com/audiobooks/access-restriction`.
      *Example 3: Resource in the reading order with access restriction*
      ```json
      "readingOrder": [
        {
          "href": "http://example.com/chapter1.mp3",
          "type": "audio/mpeg",
          "title": "Chapter 1",
          "duration": 1380,
          "properties": {
            "encrypted": {
              "scheme": "http://www.feedbooks.com/audiobooks/access-restriction",
              "profile": "https://www.cantookaudio.com"
            }
          }
        }
      ]
      ```
      When a resource is identified as such, the User Agent **must** provide a Bearer Token to obtain temporary access to the resource.
      Under the `http://www.feedbooks.com/audiobooks/access-restriction` scheme, the Bearer Token is a JSON Web Token with the following properties:
      - `iss` **must** be set to a unique URI controlled by the User Agent
      - `sub` **must** contain the URI of the resource requested by the User Agent
      - `jti` **must** contain a unique string
      The JWT **must** be signed using HMAC-SHA256 and a secret shared between the distributor and the User Agent.
      The User Agent can identify which secret should be used by inspecting the `profile` included in the `encrypted` object.
      The distributor can identify which User Agent is attempting to access a resource by inspecting the issuer (`iss`) of the JWT.
      Upon a successful request, the distributor **may** use an HTTP redirect to provide the temporary location of the resource.

      To get this to work we need to agree with DPLA/Feedbooks on a shared secret, and let them know the URI we're using as 'iss'.
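The token exchange the spec describes, as an added example (not code from SimplyE, Feedbooks or DPLA): the User Agent mints the HS256 JWT for a restricted link and the distributor checks it. The secret, the issuer URI and all function names are constructed placeholders; the real values are whatever is agreed with the distributor.

```python
import base64, hashlib, hmac, json, uuid

SCHEME = "http://www.feedbooks.com/audiobooks/access-restriction"
# Constructed placeholders; never hard-code the real shared secret in source.
SECRETS_BY_PROFILE = {"https://www.cantookaudio.com": b"constructed-demo-secret"}
ISSUER = "https://user-agent.example/issuer"
# The restricted reading-order entry from Example 3 on this page, trimmed.
SAMPLE_LINK = {"href": "http://example.com/chapter1.mp3", "properties": {"encrypted": {
    "scheme": SCHEME, "profile": "https://www.cantookaudio.com"}}}

def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(secret, signing_input):
    return hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()

def bearer_token_for(link, jti=None):
    """User Agent side: JWT for a restricted link, or None if unrestricted."""
    encrypted = link.get("properties", {}).get("encrypted")
    if not encrypted or encrypted.get("scheme") != SCHEME:
        return None
    secret = SECRETS_BY_PROFILE[encrypted.get("profile")]  # KeyError: unknown profile
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": ISSUER, "sub": link["href"], "jti": jti or str(uuid.uuid4())}
    signing_input = ".".join(
        _b64url(json.dumps(part, separators=(",", ":")).encode("utf-8"))
        for part in (header, claims))
    return signing_input + "." + _b64url(_sign(secret, signing_input))

def verify_token(token, secret, requested_uri):
    """Distributor side: return the claims, or raise ValueError."""
    try:
        header_b64, claims_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        claims = json.loads(_b64url_decode(claims_b64))
        signature = _b64url_decode(sig_b64)
    except Exception as exc:
        raise ValueError("malformed token") from exc
    if header.get("alg") != "HS256":  # pin the algorithm, ignore the token's choice
        raise ValueError("unexpected alg")
    expected = _sign(secret, header_b64 + "." + claims_b64)
    if not hmac.compare_digest(expected, signature):  # constant-time comparison
        raise ValueError("bad signature")
    if claims.get("sub") != requested_uri:
        raise ValueError("token was issued for a different resource")
    return claims
```

Because `sub` binds each token to one resource URI and `jti` is unique per token, the User Agent mints a fresh token for every reading-order item rather than reusing one across chapters.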

            JosephDalton Joseph Dalton
            leonardrichardson Leonard Richardson [X] (Inactive)