I have a media services account and want to stream AES protected Dash content. I want to use the token given by AAD for this purpose. In the key/License authorizarion policy in the Azure portal, I am supplying the following values:
Token issuer: The values of the issuer is different in the token ("iss" claim: https://sts.windows.net/TenantID/) and in the discovery endpoint (https://login.microsoftonline.com/TenantID/v2.0). I have tried both of them separately.
Token scope: Herein, I am supplying the value of the "aud" claim in the token
Primary verification key: Herein, I am supplying the value of the "x5c" in the keys retrieved from the keys discovery endpoint, corresponding to "kid" in the token.
But when I run the code, I am still not able to decrypt the video and getting a 401 in the response to the keydelivery endpoint request.
Am I missing something here ?
Got the solution. There is a claim (urn:microsoft:azure:mediaservices:contentkeyidentifier) required in the token. If this claim is not there, we might get 401 unauthorized. Can read more here