Authentication - BlindCast

If your key server requires authentication, provide the keyServerAuth callback. The player calls it before every key request and attaches the returned token as a Bearer header.

Basic setup

import { createPlayer } from "@blindcast/player"

const result = createPlayer(videoEl, {
  keyServerUrl: "https://keys.example.com/keys",
  keyServerAuth: async () => {
    // Return the raw token — the player prepends "Bearer "
    return getAccessToken() // e.g., "eyJhbGciOiJIUzI1NiI..."
  },
})

The callback is async, so you can fetch or refresh tokens before returning:

keyServerAuth: async () => {
  if (isTokenExpired(currentToken)) {
    currentToken = await refreshToken()
  }
  return currentToken
}

How it works

The player encounters an EXT-X-KEY tag in the manifest
Before fetching the key, it calls your keyServerAuth() function
The returned string is sent as Authorization: Bearer <token>
If the key server returns 401 or 403, the player emits a KEY_AUTH_FAILED error

Error handling

player.on("error", (err) => {
  if (err.code === "KEY_AUTH_FAILED") {
    // Token is invalid or expired — prompt re-login
    redirectToLogin()
  }
})

Never log the token returned by keyServerAuth. The player does not include tokens in error messages or metrics.

Basic Usage

Lease-Based Revocation

Documentation Index

​Basic setup

​How it works

​Error handling

Basic setup

How it works

Error handling