Brightcove Auth Proxy

The Brightcove access_token endpoint doesn't support CORS and requires the use of an Authorization header to retrieve an access token.

Thus, requests from web clients must be funneled through a server-based component which sets the Authorization header.

This is a quick and dirty implementation of an endpoint that supports retrieving an access token using express but is still compatible with the ASP.Net MVC based proxy contained in the connector VS Solution.

This endpoint listens to POSTs to localhost:3001/api/obtainAccessToken

Installation

With a recent version of nodejs installed:

npm install brightcove-auth-proxy

Then, to run:

brightcove-auth-proxy

use a process manager like PM2 to ensure the process continuously runs:

npm install pm2 -g
pm2 start brightcove-auth-proxy

Settings

The auth proxy implementation uses a clientid/clientsecret defined in request objects, however, if one would rather define the clientid/secret on the server (and ignore the supplied id/secret in the request), use following environment variables:

CORS whitelisted domains and port can be controlled as well.

Environment Variables:

export BC_ClientId=clientid
export BC_ClientSecret=clientsecret
export BC_GrantType=clientsecret
export BC_Whitelist=comma seperated domains
export BC_Port=port number

SSL

The following environment variables control SSL:

export BC_SSL_Port=SSL port number
export BC_SSL_Cert=path to ssl cert
export BC_SSL_Key=path to ssl private key

To obtain a cert for local development, use openSSL:

openssl req -x509 -out localhost-3002.crt -keyout localhost-3002.key \
  -newkey rsa:2048 -nodes -sha256 \
  -subj '/CN=localhost:3002' -extensions EXT -config <( \
   printf "[dn]\nCN=localhost:3002\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:localhost:3002\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth")

export BC_SSL_Cert=~/localhost-3002.crt
export BC_SSL_Key=~/localhost-3002.key