The Watch Together Authentication server has two parts: the first is hosted in the Media Server Cluster (MSC), the customer enclave, and the second is hosted by you in your data center or cloud.
This architecture lets you integrate your own logic for supplying valid tokens to the clients and apply your own security standards.
- Tokens are only valid for a specific session and the JWT token describes the connection details
- Tokens are generated only once and therefore need to be persisted on the CustomerAuthServer
- For two clients to be able to connect to the same session the clients must have exactly the same JWT token
Because we require that clients do not request tokens directly from our Authentication service (CAS), we suggest the following authentication flow for your backend.
In this flow, we suggest a way to create a backend service that will be hosted on your side and will allow different clients to connect by sharing a
Customer authentication server - suggested flow
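The constraints listed above (a token is generated once per session, must be persisted on your side, and must be identical for every client of that session) can be sketched as a small backend broker. This is an added example, not code from the Watch Together project: `SessionTokenService`, `FakeCas`, the membership check and the in-memory dictionaries standing in for durable storage are all assumptions, and the real CAS request is replaced by an injected callable.

```python
import threading
from typing import Callable, Dict, Set

class SessionTokenService:
    """Hands every authorized client of a session the same stored token."""

    def __init__(self, request_cas_token: Callable[[str], str]) -> None:
        # Hypothetical stand-in for the backend-to-CAS request; the real
        # CAS API is not shown on this page.
        self._request_cas_token = request_cas_token
        self._tokens: Dict[str, str] = {}        # stand-in for a durable store
        self._members: Dict[str, Set[str]] = {}  # session_id -> allowed users
        self._lock = threading.Lock()

    def allow(self, session_id: str, user_id: str) -> None:
        """Record that user_id may join session_id (your own access policy)."""
        with self._lock:
            self._members.setdefault(session_id, set()).add(user_id)

    def token_for(self, session_id: str, user_id: str) -> str:
        """Return the session's token, asking CAS only on the first request."""
        with self._lock:
            if user_id not in self._members.get(session_id, set()):
                raise PermissionError(f"{user_id} may not join {session_id}")
            token = self._tokens.get(session_id)
            if token is None:
                # Lock is held across the call so concurrent first requests
                # cannot each obtain a different token for the same session.
                token = self._request_cas_token(session_id)
                self._tokens[session_id] = token
            return token

class FakeCas:
    """Constructed CAS double: returns a new opaque string on every call."""

    def __init__(self) -> None:
        self.calls = 0

    def issue(self, session_id: str) -> str:
        self.calls += 1
        return f"constructed-token-{session_id}-{self.calls}"

if __name__ == "__main__":
    cas = FakeCas()
    service = SessionTokenService(cas.issue)
    service.allow("movie-night", "alice")
    service.allow("movie-night", "bob")
    same = service.token_for("movie-night", "alice") == service.token_for("movie-night", "bob")
    print(same, cas.calls)
```

Because `FakeCas` returns a different string on each call, any code path that asked it twice for the same session would leave two clients holding tokens that do not match, which is the failure the stored token prevents.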