As a developer using the movingimage REST API, it is important to allow the use of alternative hostnames to send API requests to. This is because some customers are using VideoManager Pro on a custom domain. This is why the endpoints you will use to authenticate a user are discoverable. First you must identify the OpenID Connect Provider location, where you will then make the request for the endpoints. This is done via the "/.well-known/webfinger" endpoint. WebFinger is a protocol meant for discovering information about entities on the internet. It is used by simply defining a resource URI (the entity you want information about). WebFinger will then return information in the form of a standardized JSON response, which is referred to as a JSON Resource Descriptor (JRD). This request and its response JRD are shown in the example below.
The host URLs in the methods below refer to the general live instance of movingimage. Customers using a VideoManager on a custom domain must adjust the URLs accordingly.
Example Request:
curl https://api.video-cdn.net/.well-known/webfinger?resource=https://api.video-cdn.net/v1/
Take note that the root API host is used with the "/.well-known/webfinger" endpoint and the resource parameter should be the API's base URL.
Example Response:
{
"subject": "https://api.video-cdn.net/v1/",
"properties": {
"https://api.video-cdn.net/v1/keycloak/realm": "platform",
"https://api.video-cdn.net/v1/keycloak/auth-server-url": "https://login.movingimage.com/auth/"
},
"links": [
{
"rel": "http://openid.net/specs/connect/1.0/issuer",
"href": "https://login.movingimage.com/auth/realms/platform/.well-known/openid-configuration"
}
]
}
The response header will confirm the "Content-Type" as "application/jrd+json". The header will also include the "Expires" and "Cache-Control" values. Use these to help you cache this data for the amount of time indicated (Cache-Control max-age is indicated in seconds).
OpenID Provider Configuration Metadata
To find the needed endpoints, you will need a URL from the JRD to retrieve your OpenID Provider Configuration (JSON data that contains the endpoints). Locate the list of "links" objects and note the following:
"rel" - this URI identifies the type of service whose location is being requested
"href" - this is the "Issuer Location"
You must find the object that uses "http://openid.net/specs/connect/1.0/issuer" as the "rel" value and use the issuer location "href" URL from that object to make a GET request.
Example:
curl https://login.movingimage.com/auth/realms/platform/.well-known/openid-configuration
Metadata returned from this request will contain two important endpoint URLs: the authorization endpoint and the token endpoint. This is all we will need from this configuration data but you can read the OpenID Connect Discovery 1.0 Documentation for a more complete detailing of the response.
Condensed Example Response:
{
"authorization_endpoint": "https://login.movingimage.com/auth/realms/platform/protocol/openid-connect/auth",
"token_endpoint": "https://login.movingimage.com/auth/realms/platform/protocol/openid-connect/token"
}
The header will include a "Cache-Control" value. Use this to help you cache this data for the amount of time indicated (max-age is indicated in seconds).