If your key server requires authentication, provide the keyServerAuth callback. The player calls it before every key request and attaches the returned token as a Bearer header.
Basic setup

    import { createPlayer } from "@blindcast/player"

    const result = createPlayer(videoEl, {
      keyServerUrl: "https://keys.example.com/keys",
      keyServerAuth: async () => {
        // Return the raw token — the player prepends "Bearer "
        return getAccessToken() // e.g., "eyJhbGciOiJIUzI1NiI..."
      },
    })

The callback is async, so you can fetch or refresh tokens before returning:

    keyServerAuth: async () => {
      if (isTokenExpired(currentToken)) {
        currentToken = await refreshToken()
      }
      return currentToken
    }

How it works
- The player encounters an EXT-X-KEY tag in the manifest
- Before fetching the key, it calls your keyServerAuth() function
- The returned string is sent as Authorization: Bearer <token>
- If the key server returns 401 or 403, the player emits a KEY_AUTH_FAILED error
Error handling

    player.on("error", (err) => {
      if (err.code === "KEY_AUTH_FAILED") {
        // Token is invalid or expired — prompt re-login
        redirectToLogin()
      }
    })

Never log the token returned by keyServerAuth. The player does not include tokens in error messages or metrics.
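
Because the player calls keyServerAuth before every key request, several key fetches that start together can each trigger a token refresh. The following added example (not from the BlindCast documentation or code base) caches the token until shortly before expiry and shares one in-flight refresh between concurrent calls. makeKeyServerAuth, fetchToken, jwtExpiryMs and invalidate are hypothetical names, and the token is assumed to be a JWT carrying an exp claim.

```javascript
// Added example. All names here are hypothetical; the token is assumed to be
// a JWT with an `exp` claim (seconds since the epoch).

// Read `exp` from the JWT payload as milliseconds. This only decodes the
// payload to schedule a refresh; it does not verify the signature.
function jwtExpiryMs(token) {
  try {
    const b64 = token.split(".")[1].replace(/-/g, "+").replace(/_/g, "/")
    const { exp } = JSON.parse(atob(b64))
    return typeof exp === "number" ? exp * 1000 : 0
  } catch {
    return 0 // malformed or opaque token: treat as already expired
  }
}

function makeKeyServerAuth(fetchToken, { skewMs = 30000, now = Date.now } = {}) {
  let token = null
  let inFlight = null // one shared refresh for all concurrent key requests

  async function keyServerAuth() {
    // Reuse the cached token until it is within skewMs of expiry.
    if (token && jwtExpiryMs(token) - skewMs > now()) return token
    if (!inFlight) {
      // The async wrapper turns a synchronous throw into a rejection.
      inFlight = (async () => fetchToken())()
        .then((t) => (token = t)) // raw token; the player prepends "Bearer "
        .finally(() => { inFlight = null }) // allow a retry after failure
    }
    return inFlight
  }

  // Drop the cached token so a token the key server rejected is not reused.
  keyServerAuth.invalidate = () => { token = null }
  return keyServerAuth
}
```

Pass the returned function as keyServerAuth, and call its invalidate() in the KEY_AUTH_FAILED handler before prompting re-login.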