developer
media
Getting Started with OAuth2 for Media Processing and JavaScript
Griffin Solot-Kehl

OAuth Token based authentication is a powerful tool that allows a user to store access credentials on the client side without exposing any sensitive information, such as API keys, which are a good option to use for authentication in browser or mobile development.

Additionally, OAuth Tokens are useful for tools such as Zapier, which tend to prefer or require OAuth Tokens over typical API keys.

In this guide, we will walk through setting up a webpage to handle OAuth 2 authentication for your Dolby.io API calls by storing them as cookies to be referenced whenever an API call is made.

Prerequisites

To build this program, we will be using a third party library, Axios, to help us handle HTTP requests. Any request-like library will work here in place of axios, just ensure that the code is changed following its respective syntax. We can add axios to our program with the following line in the header of our HTML:

<script src="https://unpkg.com/axios/dist/axios.min.js"></script>

Cookie Management

As mentioned before, we are going to be using cookies to store our generated authentication token, so we can refer back to it for subsequent API calls instead of creating a new one every time. To start, we will add some helper functions to handle cookie management. The first, setCookie, allows us to set a cookie with a key:value pair. The second, getCookie[1], allows us to get the value of a cookie from the key.

As a note, we are using max-age[2] instead of expires as a more modern solution to fit the 12 hour expiry of the token. We’re also setting SameSite=Lax[3] and Secure[4] for security precautions, as while our token expires after 12 hours, we still don’t want unauthorized users getting access to it.

// Helper function to store OAuth 2 Cookie
function setCookie(name, value) {
  let maxAge = `;max-age=${12 * 60 * 60}`; // Expire cookie at 12 hours
  document.cookie =
    name + "=" + value + maxAge + ";path=/" + ";SameSite=Lax" + ";Secure";
}
 
// Helper function to get cookie value from key
function getCookie(name) {
  let value = "; " + document.cookie;
  let parts = value.split(`; ${name}=`);
  if (parts.length == 2) return parts.pop().split(";").shift();
}

Generating the Token

Then, we will create the function that will create the token, adapted from the docs reference.

As we are working on client side Javascript, Buffer requires a separate library. Thankfully, most modern browsers support btoa() as a way to Base64 encode strings.

// Function that takes in the base64 encoded parameters and create a JWT
function getToken(key, secret) {
  const params = new URLSearchParams();
  params.append("grant_type", "client_credentials");
 
  const config = {
    method: "post",
    url: "https://api.dolby.com/media/oauth2/token",
    headers: {
      // Convert key and secret to B64 encoding
      Authorization: `Basic ${btoa(`${key}:${secret}`)}`,
      "Content-Type": "application/x-www-form-urlencoded",
    },
    data: params,
  };
 
  axios(config)
    .then(function (response) {
      // Set the cookie value equal to the returned JWT
      setCookie("token", response.data.access_token);
    })
    .catch(function (error) {
      console.log(error);
    });
}

This will return a JSON Web Token in the .then() response, which we will then use our helper function to save to a cookie. We can then call on this cookie for our future Dolby.io API calls.

Prompting User Submission

Next, we will create a way for the user to input their credentials so that we can generate the token with them. Because we are saving our token as a cookie, the value will be stored in the browser, meaning we should only require input when the cookie has expired instead of at every API call.

In this case, we are using the prompt()[5] method to create a dialog if we detect that the cookie is not set upon loading the page, as it would work with a typical login workflow. An alternative solution might want to use instead is to check if the cookie is set each time the API call is made, to catch edge cases where the token has expired but the page has not been refreshed. In JavaScript, this would require the use of asynchronous functions with tools such as callbacks or promises.

Note: if running locally, be sure to use a browser that stores local cookies. For example, if running the index.html, Chrome will not store the cookie, while Firefox will. If testing locally, it is suggested to use Firefox.

// Check if non-expired cookie, otherwise prompts for input
document.addEventListener("DOMContentLoaded", function() {
  let token = getCookie("token");
  // Check to see if cookie exists
  if (!token) {
    let apiKey = prompt("Please enter Dolby.IO Media Processing API Key:");
    let secret = prompt("Please enter Dolby.IO Media Processing Secret:");
    getToken(apiKey, secret);
  }
});

To use the token in a Dolby.io Media Processing API call, we can replace the header x-api-key with Authorization: "Bearer <OAUTH_TOKEN>". Remember, we can get the value of our cookie by calling our helper function getCookie. For example, see this enhance request call below:

function enhanceRequest(name) {
  // Create API call
  const config = {
    method: "post",
    url: "https://api.dolby.com/media/enhance",
    headers: {
      // Cookie authorization called here!
      Authorization: `Bearer ${getCookie("token")}`,
      "Content-Type": "application/json",
      Accept: "application/json",
    },
    data: {
      input: "<DOLBYIO_INPUT_URL>",
      output: "<DOLBYIO_OUTPUT_URL>",
    },
  };
 
  // Send API response
  axios(config)
    .then(function (response) {
      let message = { jobId: response.data.job_id, fileName: name };
      console.log(message);
    })
    .catch(function (error) {
      console.log(error);
    });
}

It’s typically best practice to test credentials to see if they are valid before saving them, but in this example, we will just add a button to manually delete the cookie from the webpage to reset the value without going through the browser’s configuration pages.

In your HTML:

<button id="resetToken">Reset API Token</button>

In your JavaScript:

document.getElementById("resetToken").onclick = function() {
  setCookie("token", "");
};

And that’s it! Once the cookie is stored, all API calls will function as normal until the cookie expires or is manually deleted.

Get started by creating your free account today!

Tags: authentication, javascript, security
RELATED POSTS
DEVELOPER
MEDIA
How to Add Quality Assurance to Educational Video Production with Next.js

In this tutorial, learn how to automate this quality assurance process with Dolby.io and Next.js.

Daniel Latimer
|
nextjs
react
DEVELOPER
INTERACTIVITY
Set up a Live Stream with Dolby.io and Twitch

Use RTMP to set up a live stream with Dolby.io and Twitch.

Fabien Lavocat
|
rtmp
DEVELOPER
MEDIA
Generating Pre-Signed URLs for Azure Cloud Storage with Python

A getting started guide for integrating Azure cloud storage with Dolby.io’s media processing suite in Python through pre-signed URLs and shared access signatures.

Braden Riggs
|
azure
We're happy to chat about our APIs, SDKs...or magic.