search

SRGSSR / srgletterbox-apple

The official SRG SSR media playback experience
https://srgssr.github.io/marketing/letterbox/
MIT License
14 stars 7 forks source link

Media playback errors for token-protected content when using Airplay #1

Closed defagos closed 6 years ago

defagos commented 7 years ago

For token-protected content, playback will fail if Airplay is enabled ~30 seconds after the video has been started on a phone or tablet.

Issue overview

Description of the problem

The playback URL is sent as is from the iOS device to the Airplay receiver when Airplay is enabled (see https://nto.github.io/AirPlay.html#video). After ~30 seconds, and for token-protected content, the URL which is sent to the receiver is not valid anymore, though, since the token has expired. Content therefore fails to play on the Airplay device, and Letterbox receives a cryptic Unknown error from the internal AVPlayer:

[Controller] Playback did fail with error: Error Domain=ch.srgssr.mediaplayer Code=0 "The media cannot be played" UserInfo={NSLocalizedDescription=The media cannot be played, NSUnderlyingError=0x17025f740 {Error Domain=AVFoundationErrorDomain Code=-11800 "The operation could not be completed" UserInfo={NSUnderlyingError=0x17025e0f0 {Error Domain=NSOSStatusErrorDomain Code=-12926 "(null)"}, NSLocalizedFailureReason=An unknown error occurred (-12926), NSLocalizedDescription=The operation could not be completed}}}

Environment information

Reproducibility

Steps to reproduce

  1. Open the Letterbox demo
  2. Use the basic player to play media A, which is token-protected
  3. Wait 30 seconds
  4. Enable Airplay
  5. Playback fails
defagos commented 7 years ago

Akamai support has been contacted. We should strive to avoid a fix on our side since we have many issues to deal with (playhead position, current segment, whether this segment was selected, etc.):

We have discovered a major incompatibility between Akamai secure token and Airplay on Apple devices (iPhone and iPad). When you play content over Airplay, e.g. on an Apple TV, the Akamai token-protected stream URL is sent from the iPhone / iPad to the Apple TV receiver, which will start playing it. But if the token has expired in the meantime (which is very likely since tokens have a lifetime of ~30 seconds), the Apple TV will receive an authorization error and won’t be able to play the content.

This problem affects our iOS applications as well as our web-based player on mobile.

You can easily reproduce the problem with the web-based player using an iPhone or iPad and an Apple TV:

  1. Open Safari on the iPhone or iPad and go to www.rts.ch/play/tv/direct. Play one of our livestreams, which are token-protected
  2. Open the iOS control center by sliding your finger from the bottom of the screen, and select the Apple TV as output device

If you perform steps 1 and 2 in a row, playback will resume on the Apple TV. But if you repeat the same procedure, waiting 30 seconds between steps 1 and 2, playback will not resume on the Apple TV since the token has expired in the meantime.

We cannot control how Airplay works (this is a private Apple protocol), and there is no way to ask the Apple TV to retrieve a fresh token. We assume this problem was already discovered by some of your clients since it should be pretty common. There are probably some guidelines on your side how to handle Airplay in a way compatible with Akamai secure token. Could you provide us with such information or do you have any technical contact person we could have a discussion with?

defagos commented 6 years ago

We have mitigated token expiration issues where we could (#63), but in all cases involving AirPlay there is sadly nothing to be done.

Until we stop using Akamai tokens and replace them with proper DRM solutions, we cannot do much more. The current behavior with non-protected content is correct (even in tricky cases like AirPlay in multi-controller configurations, see #123), but there is nothing to do for protected streams.

defagos commented 6 years ago

Gosh I was wrong. It is possible to have correct behavior using a custom asset resource loader delegate. This will be improved as part of our work on DRM support.