This repository includes sample code to generate JSON Web Tokens (JWT) that can be used to interact with the Vbrick Rev Platform. For more information on using Vbrick Rev JWT for authentication, please refer to https://revdocs.vbrick.com/reference/jwt-authentication
The private key must be an RSA key of at least 2048 bits.

```shell
# Option 1 - private key via genpkey
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out signing.private.key

# Option 2 - genrsa then convert (if using old version of openssl)
# The key size is given explicitly because older openssl releases default to smaller keys.
openssl genrsa -out tmp.rsa.key 2048
openssl pkcs8 -in tmp.rsa.key -nocrypt -topk8 -out signing.private.key
rm tmp.rsa.key
```
Rev expects you to provide the corresponding Public Key for your Private Key in X.509 certificate format. This cert can be self-signed and the Subject (CN) is arbitrary, since Rev will only be using the enclosed Public Key for JWT verification. The Public Key must have RSA-OAEP 256 padding (as per JWT/JOSE standards).
Set the validity duration (`-days`) according to your security policy. Note that the encryption certificate Rev generates is valid for two years, so keys will need to be rotated before that time.

```shell
openssl req -x509 -nodes -key signing.private.key -days 730 -subj /CN=rev-jwt-gen -batch -pkeyopt rsa_padding_mode:oaep -out signing.public.pem
```
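Before the certificate is uploaded to Rev, the key and certificate can be checked against the requirements above: RSA of at least 2048 bits, a certificate that carries the matching public key, and enough remaining validity. The script below is an added example, not part of this repository; its function names and the default 30-day expiry margin are assumptions.

```shell
#!/bin/sh
# Added example: pre-upload checks for the Rev JWT signing key and certificate.
# Function names are hypothetical; only the openssl CLI is required.

# Print the RSA modulus size in bits; prints nothing if the file is not an RSA key.
rsa_bits() {
  openssl rsa -in "$1" -noout -text 2>/dev/null |
    sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p'
}

# Succeed only for an RSA private key of at least 2048 bits.
key_ok() {
  bits=$(rsa_bits "$1")
  [ -n "$bits" ] && [ "$bits" -ge 2048 ]
}

# Succeed only if the certificate carries the public half of the private key.
cert_matches_key() {
  from_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  from_cert=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$from_key" ] && [ "$from_key" = "$from_cert" ]
}

# Succeed only if the certificate is still valid N days from now.
cert_valid_for_days() {
  openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# Run all three checks; returns non-zero if any of them fails.
preflight() {
  rc=0
  key_ok "$1" || { echo "FAIL: $1 is not an RSA key of >= 2048 bits" >&2; rc=1; }
  cert_matches_key "$1" "$2" || { echo "FAIL: $2 does not match $1" >&2; rc=1; }
  cert_valid_for_days "$2" "${3:-30}" ||
    { echo "FAIL: $2 expires within ${3:-30} days" >&2; rc=1; }
  [ "$rc" -eq 0 ] && echo "OK: $1 and $2 are consistent"
  return "$rc"
}

# Usage: sh preflight.sh signing.private.key signing.public.pem [min_days_left]
if [ "$#" -ge 2 ]; then preflight "$@"; fi
```

Running the same script on a schedule with a larger `min_days_left` gives early warning that the signing certificate is due for rotation.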
- Enable JWT Signing in Rev Admin and click save.
- Add the signing certificate in JWT section and download/copy resulting encryption certificate.
- Use the signing private key and encryption cert when generating JWTs.
Once configured, JWT authentication can be used for:
- Cookie-less embedding of videos/webcasts with the Rev JavaScript SDK
- Adding the token as the `jwt_token` query parameter for automatic authentication when sharing/embedding
- REST API authentication
NOTE: The `sub` (subject) value when generating a JWT MUST match the username or email address of a valid Rev user. You can only have one active JWT authentication session for a given named user at a time.
The encryption certificate that Rev generates is valid for two years. Rev allows having two active signing certificate entries at a time to allow key rotation.
This sample code is distributed "as is", with no warranty expressed or implied, and no guarantee for accuracy or applicability to your purpose.