Page Contents

    Managing Viewer Authentication

    In this topic, you will learn about managing viewer authentication credentials.

    Introduction

    Viewer Authentication Credentials are tokens that determine how long viewers can use the app without re-entering their credentials. Tokens dictate the duration of credentials. Brightcove offers Beacon default (OAuth) authentication and OIDC authentication that use the tokens. This topic details how to view and set the value for tokens.

    Token definitions and durations

    If authentication is required, the viewer must use their login credentials to use the Beacon app. The question is then how long is the duration of successful login valid. The answer to this question is controlled by the duration of the authorization and refresh tokens.

    • The authorization token duration sets how long the viewer can use the app without re-authenticating. For instance, if the authentication token duration is valid for five days, every five days the viewer must use their credentials to log in again.
    • The refresh token can be used as a courtesy to viewers. You may wish not to force them to login too frequently but still insure security. The use of the refresh token is as follows:
      • The viewer's authorization token expires or somehow becomes invalid.
      • The authorization server uses a valid refresh token to allow the viewer to obtain a new authorization token.
      • The viewer gets a new authorization token and can continue to use the Beacon app.

    Of course, at some point the refresh token expires and the viewer must use their credentials to log in again.

    Beacon default (OAuth) authentication

    When using the Beacon authentication the default durations for the tokens are:

    • The authorization token is good for one week.
    • The refresh token is good for one month.

    Later in this document the steps are shown on how to change the default timeout settings.

    Third-party OIDC authentication

    If you use third party OIDC authentication, you need to contact that provider for information on implementation and duration settings.

    Change token durations

    Based on your Authentication implementation, you either use default (OAuth) authentication or OIDC authentication. Different screens are displayed based on that.

    Beacon default (OAuth) authentication

    To configure with Beacon default (OAuth) authentication, follow these steps:

    1. Login to Beacon Studio.
    2. In the primary navigation, click Admin settings.
      click-admin
    3. The App Settings page appears. Click Authentication.
      click-authentication
    4. Note the durations are showing here, but you have to contact Support to change them.
      beacon-token
      • Authentication token duration: Timeframe for authenticated app use by the viewer.
      • Refresh token duration: Timeframe for automatic reissue of the viewer's authentication token.

      To learn more about how authentication and refresh tokens work, click here.

    Third-party OIDC authentication

    To configure with Third-party OIDC authentication, contact your provider to request a change to token durations.

    OIDC-authentication
    Page last updated on 17 Oct 2022