Application Managed Login
Senza Configuration
To integrate with the Host Platform Authentication Services, the Senza tenant needs to be configured with the following "hostPlatformAuth" properties:
| Property | Description | Default value | Templateable |
|---|---|---|---|
| subject | See RFC7519 - JSON Web Token (JWT) for description of subject (sub). | If not configured, the following template will be used: "urn:synamedia:oauth:identifier:hyperscale:{deviceId}" | Yes. It needs to contain deviceId in the template. |
| audience | See RFC7519 - JSON Web Token (JWT) for description of audience (aud). | No default value | No |
The HS Device Identifier will be carried by the "sub" (subject) claim as per RFC7519 - JSON Web Token (JWT).
Device Initialization
The format of the assertion is as per JSON Web Token (JWT) and it includes the following fields/claims:
- "iss" (Issuer): Synamedia fixed issuer: https://oauth-config.streaming.synamedia.com/authn
- "aud" (Audience): see Hyperscale configuration
- "iat" (Issued At): generated on each request per JWT spec
- "jti" (JWT ID): generated on each request as per JWT spec
- "exp" (Expiration): generated on each request per JWT spec
- "sub" (Subject): string that carries a prefix and the deviceId. The prefix is configurable as described in "Hyperscale configuration".
The request might trigger the OpenID Connect Discovery protocol as specified in OpenID Connect Discovery 1.0.
Example
Let's assume we have a device with a deviceId identifier and a Senza tenant with the following configuration parameters:
subject: <urn:synamedia:oauth:identifier:hyperscale:{deviceId}>
audience: <auth_base_url>
The device boots up and authenticates/registers with the Senza platform. The application requests a client assertion via the SDK GetClientAssertion API. The Senza platform then generates the following client_assertion:
{
"iss": "<issuer>",
"aud": "<audience>",
"iat": <issued at time>,
"jti": "<jti>",
"sub": "<subject>",
"exp": <expiration>
}
The application may use this client assertion and call the host platform authorizer service to generate the access token.
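The claim checks a host platform authorizer service could apply to this client assertion before issuing an access token, as an added example that is not Synamedia's code. It assumes the JWT signature has already been verified and the payload decoded; the function names, the `cfg` shape, the 30-second clock skew, the deviceId character set and the sample values are assumptions of this example.

```javascript
// Added example, not Synamedia code. Run these checks only AFTER the JWT
// signature has been verified and the payload decoded (not shown here).
const SENZA_ISSUER = "https://oauth-config.streaming.synamedia.com/authn";
const DEFAULT_SUBJECT = "urn:synamedia:oauth:identifier:hyperscale:{deviceId}";

// Build an anchored regex from the tenant's subject template; it captures deviceId.
function subjectPattern(template) {
  const parts = template.split("{deviceId}");
  if (parts.length !== 2) throw new Error("template needs one {deviceId}");
  const [pre, post] = parts.map((s) => s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&"));
  // Assumption: deviceId uses this character set; tighten it to your real format.
  return new RegExp(`^${pre}([A-Za-z0-9._-]+)${post}$`);
}

// claims: decoded payload; cfg: { audience, subject? } mirroring hostPlatformAuth;
// seenJti: Map of jti -> exp used to reject replays; nowSec: current Unix time.
function validateAssertionClaims(claims, cfg, seenJti, nowSec) {
  const skew = cfg.clockSkewSec ?? 30; // assumed tolerance, in seconds
  const fail = (reason) => ({ ok: false, reason });
  if (claims.iss !== SENZA_ISSUER) return fail("iss");
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(cfg.audience)) return fail("aud");
  if (!Number.isFinite(claims.exp) || claims.exp <= nowSec - skew) return fail("exp");
  if (!Number.isFinite(claims.iat) || claims.iat > nowSec + skew) return fail("iat");
  const match = typeof claims.sub === "string" &&
    subjectPattern(cfg.subject ?? DEFAULT_SUBJECT).exec(claims.sub);
  if (!match) return fail("sub");
  // Drop jti entries whose assertion has expired, then reject any repeat.
  for (const [id, exp] of seenJti) if (exp <= nowSec - skew) seenJti.delete(id);
  if (typeof claims.jti !== "string" || seenJti.has(claims.jti)) return fail("jti");
  seenJti.set(claims.jti, claims.exp);
  return { ok: true, deviceId: match[1] };
}

// Constructed sample values (not real Senza output).
const sampleCfg = { audience: "https://auth.example.com" };
const sampleClaims = {
  iss: SENZA_ISSUER,
  aud: "https://auth.example.com",
  iat: 1700000000,
  jti: "constructed-jti-1",
  sub: "urn:synamedia:oauth:identifier:hyperscale:device123",
  exp: 1700000300,
};
```

Only the `deviceId` returned by a successful check should be used as the device identity; a subject that does not match the tenant's configured template is rejected rather than parsed loosely.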