How NxWitness generate the auth key?

In Progress

Comments

5 comments

  • Avatar
    Ichiro

    Hi Lim,

    401 simply means you might not use the proper authentication.

    Can you please elaborate the detail(as much as possible) to your implementation?

    Basically, we need to know which API request to which URL with which authentication schema.

    The more detail you sent we might understand your case more clearly so we can provide the proper suggestions if any

    Thanks for your understanding.

    0
    Comment actions Permalink
  • Avatar
    Sivvie Lim

    Hi Ichiro, thank you for your reply. 

    What we have do in our steps is:

    1. UI request to our API for the HLS URL.

    2. Our API request to this NxWitness endpoint to get the url:
    http://admin:xxx@192.168.1.1:7001/hls/01e705f1-b8ea-e7e3-299e-cbba42d98304.m3u?pos=2024-08-20T16:34:18.434Z

    3. After getting the auth key, our API will return the url to UI

    4. UI will use the returned URL to call directly to the NxWitness to play the VOD:
    http://192.168.1.1:7001/hls/01e705f1-b8ea-e7e3-299e-cbba42d98304.m3u?authKey=e4f529c[…]E0OQ==&pos=2024-08-20T16:34:18.434Z&chunked&sessionID=757&lo

    These 4 steps will repeat for every VOD request, the issue facing was when we switched the camera from 1 to another and request VOD, the second request will have the 401 response. 

     

    Below is the overall process:

    UI(request camera 1) -> API (return url) -> UI (use URL to call) -> NxWitness (return OK)
    ~after 5 seconds~
    UI(request camera 2) -> API (return url) -> UI (use URL to call) -> NxWitness (return 401)

    0
    Comment actions Permalink
  • Avatar
    Ichiro

    Hi Lim,

    We don't support this HTTP Basic authentication, this security risk is too high.
    You are asked to implement the Digest or Bearer Token (Oauth2) , and this is required and a mandatory approach.

    However, we now recommend Oauth mainly, please refer to this article : https://meta.nxvms.com/docs/developers/knowledgebase/324-authorizing-a-web-app

    Also, the authKey might be different for each request, as a result, we kindly request you to change the implementation due to the new authentication schema and security consideration.

    Thanks.

     

    0
    Comment actions Permalink
  • Avatar
    Sivvie Lim

    Hi Ichiro,

    I see, however we are running on a non-internet environment, just the on-premise applications. 

    Any other method that without using the internet? 

    0
    Comment actions Permalink
  • Avatar
    Ichiro

    Hi Lim,

    There is no need to have Internet for Oauth2 authentication.  You can either send the authentication request (for valid token retrieve) to either cloud host or the mediaserver.

    Please refer to this article in the knowledge base (which we highly recommend you can search the resources in KB first for any integration request), also, there are some code samples on the Nx Open GitHub repo.

    Thanks,

    0
    Comment actions Permalink

Please sign in to leave a comment.