Question/Issue
How does the DRM license token proxy work, and what are the advantages over the general token based integration?
Short Description
In the token proxy method, the service backend relays the license request and response between the client device and the DRM license server.
Compared to the general token based integration that does not go through a proxy, the token proxy integration provides the following advantages.
- Additional DRM license management using custom license response
  - The proxy server can receive a custom format license response containing additional information such as device ID and license expiration time.
  - The service can use this information to implement non-DRM control logic such as “limit the number of devices per user”.
- Better security processing
  - Before forwarding the client’s license request to the DRM server, the proxy can verify the user’s content entitlement, and the DRM license server communication segment is not exposed to the client.
  - This enables higher security controls compared to the general token based license integration.
How to Apply
Token proxy can be applied as follows. Since it requires understanding and implementation of license tokens, it is recommended to apply the token based license integration first before adopting the token proxy method.
Step 1: Implement the proxy on the backend server
First, build a token proxy server on the content service backend with the following capabilities implemented.
DoveRunner provides a sample project that you can use as a reference for building a token proxy: Token proxy integration sample
- Parsing custom data in the license request
  - The client’s DRM license request consists of the challenge data in the body and custom data (for user authentication) in the header.
  - The minimum required information in the custom data is UserID and ContentID, and the header name and values can be defined by the service as needed.
- User entitlement validation
  - Using information such as UserID and ContentID contained in the parsed custom data, the proxy verifies whether the user is entitled to access the content.
  - For unauthorized users, the proxy returns an appropriate error to the client.
- Generate a license token and forward the request to the DRM server
  - If entitlement validation succeeds, the proxy adds the license token value as a custom header to the DRM challenge data (body) received from the client and forwards it to the DRM server. (Use the header name pallycon-customdata-v2.)
- Receive the license response and forward it to the client
  - The proxy receives the response from the DRM server and forwards it to the client.
  - If “custom response” is enabled in the token data, the proxy can process custom response data such as device ID during this step and return only the license data to the client.
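The Step 1 request flow as code, added here as an example and not taken from DoveRunner's sample project. The `x-user-id` and `x-content-id` header names, the injected `is_entitled`, `make_token` and `send_to_drm` callables, and the HTTP 200 success check are assumptions; token generation and the call to the license server are left to those callables.

```python
from typing import Callable, Dict, Mapping, Tuple

TOKEN_HEADER = "pallycon-customdata-v2"  # header name given in Step 1
USER_HEADER = "x-user-id"        # assumption: service-defined custom data header
CONTENT_HEADER = "x-content-id"  # assumption: service-defined custom data header

Upstream = Callable[[Dict[str, str], bytes], Tuple[int, bytes]]

def handle_license_request(
    headers: Mapping[str, str],
    challenge: bytes,
    is_entitled: Callable[[str, str], bool],   # hypothetical entitlement lookup
    make_token: Callable[[str, str], str],     # hypothetical license token generator
    send_to_drm: Upstream,                     # hypothetical call to the DRM server
) -> Tuple[int, bytes]:
    """Relay one license request; returns (HTTP status, body) for the client."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    user_id, content_id = h.get(USER_HEADER, ""), h.get(CONTENT_HEADER, "")
    # 1. Parse custom data: UserID and ContentID are the required minimum.
    if not user_id or not content_id or not challenge:
        return 400, b"missing custom data or challenge"
    # 2. Entitlement is checked before anything is sent to the DRM server.
    if not is_entitled(user_id, content_id):
        return 403, b"not entitled"
    # 3. Build upstream headers from scratch so a client-supplied token header
    #    is never forwarded; only the server-generated token goes upstream.
    upstream = {TOKEN_HEADER: make_token(user_id, content_id)}
    if "content-type" in h:
        upstream["Content-Type"] = h["content-type"]
    status, body = send_to_drm(upstream, challenge)
    # 4. Return the license to the client (assumes success is HTTP 200) and
    #    keep upstream error detail on the server side.
    if status != 200:
        return 502, b"license server error"
    return 200, body

if __name__ == "__main__":
    # Constructed stand-ins so the flow runs offline.
    grants = {("user-1", "movie-9")}
    seen = []
    def fake_drm(hdrs, body):
        seen.append(hdrs)
        return 200, b"LICENSE:" + body
    req = {"X-User-Id": "user-1", "X-Content-Id": "movie-9",
           "pallycon-customdata-v2": "client-supplied"}
    print(handle_license_request(req, b"\x08\x01", lambda u, c: (u, c) in grants,
                                 lambda u, c: f"token({u},{c})", fake_drm))
    print(seen[0])  # only the proxy-generated token header reaches the DRM server
```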
Step 2: Client side DRM license integration
- Set the token proxy server URL as the DRM license URL
  - Instead of the DoveRunner license server URL, configure the client to use your proxy server URL.
- Include custom data to be delivered with the license request
  - You can deliver data to the proxy via custom headers, session, cookies, and other mechanisms as appropriate.
  - DoveRunner Mobile SDKs support cookie configuration and an HTTPCallback interface to facilitate communication with the proxy.