[Feature] JWT Support for hls_key_url in SRS #4426
Description
I would like to secure AES key delivery for HLS streams by adding a JWT token as a query parameter in hls_key_url.
Currently, my configuration looks like this:
hls_key_url https://live.cdn.mobifoneglobal.vn/key?sig=<jwt_token>;
However, SRS does not natively support dynamically generating or appending a JWT token at runtime.
Request:
Add support for dynamic JWT token generation or injection for hls_key_url.
Ideally, allow using placeholders like [jwt] or provide a callback (e.g., on_key_request) so that SRS can request a fresh JWT from an external server and append it to the hls_key_url.
Expected outcome:
When a client plays the HLS stream, the generated .m3u8 should contain a key URI with a valid JWT token, for example:
#EXT-X-KEY:METHOD=AES-128,URI="https://live.cdn.test.vn/key?sig=eyJhbGciOiJIUzI1NiIsInR5cCI6Ikp..."
listen 1935;
max_connections 1000;
daemon off;
srs_log_tank console;
http_server {
enabled on;
listen 8080;
dir ./objs/nginx/html;
}
vhost defaultVhost {
hls {
enabled on;
hls_fragment 10;
hls_window 60;
hls_path ./objs/nginx/html;
hls_m3u8_file [app]/[stream].m3u8;
hls_ts_file [app]/[stream]-[seq].ts;
hls_keys on;
hls_fragments_per_key 5;
hls_key_file [app]/[stream]-[seq].key;
hls_key_file_path ./objs/nginx/html;
hls_key_url https://live.cdn.mobifoneglobal.vn/key?sig=<jwt_token>;
}
}