Generate a signed content URL for DRM playback (JW Platform)

💡
If you plan to use Chromecast to cast content that has DRM content protection enabled, a custom receiver must be used.

Use the following steps to generate a signed content URL for DRM playback:

Retrieve the JWX content URL. JWX content URLs have the following format: https://cdn.jwplayer.com/v2/sites/{site_id}/media/{media_id}/playback.json.

Approach	Notes
API	Follow these steps to retrieve the `media_id` for the URL: Make a GET v2/sites/{sites_id}/media/ call. Locate the key for a media item in the API response.
Dashboard	Follow these steps to retrieve the `media_id` and `site_id` for the URL: From your Media library, copy the media ID from the MEDIA ID column. Copy the eight-digit, alphanumeric site ID from the browser URL

Retrieve the JWX DRM policy ID:
1. On the Properties page, click the property name.
2. On the Content Protection tab, under Digital Rights Management, copy the DRM policy ID.
  📘
  Read Studio DRM with JW Platform Policy Reference to learn more about the DRM Policies.

Append the DRM Policy ID to the content URL.

https://cdn.jwplayer.com/v2/sites/{site_id}/media/{media_id}/playback.json?drm_policy_id={policy_id}

Sign the content URL by appending a JWT signature. We strongly recommend using a proxy service to generate JSON web tokens (JWTs). If you generate JWTs within client-side JavaScript or a native app, you risk exposing your API secret.
```
https://cdn.jwplayer.com/v2/sites/{site_id}/media/{media_id}/playback.json?drm_policy_id={policy_id}&token={JWT}
```
Pass the content URL to a player or other implementation.

Sample Code

The following code sample can be used as the foundation for your DRM implementation.

"""
This script demonstrates how to generate a signed URL for requesting DRM assets from the Delivery API. 
It takes four arguments: a Site ID, a Media ID, a DRM Policy ID, and the V1 API secret (available in the 
API Credentials area of your <<company>> Dashboard) for your DRM-enabled property. The signed URL will be 
printed to your terminal.

Usage

1.) Create and activate a Python virtual environment:
    - $ python3 -m venv venv
    - $ source venv/bin/activate
2.) Install `jose`, a JWT library
    - $ pip3 install python-jose
3.) Run script.
    - $ python3 jw_drm.py {site_id} {media_id} {drm_policy_id} {v1_api_property_secret}
"""

import argparse
import json
import math
import time
from urllib.parse import urlparse

from jose import jwt

def generate_jwt_token(path: str, api_secret: str, parameters: dict[str, str]):
    """
    Generates JWT token for given request path
    """
    # Generate epoch timestamp of now + 1 hour for link expiration. 
    exp = math.ceil((time.time() + 3600))
    params = {**parameters, "resource": path, "exp": exp}
    return jwt.encode(params, api_secret, algorithm="HS256")

def generate_signed_drm_url(site_id: str, media_id: str, drm_policy_id: str, api_secret: str):
    """
    Generates a signed URL which can be used to fetch a DRM-protected media asset
    """
    path = f"/v2/sites/{site_id}/media/{media_id}/playback.json"
    token = generate_jwt_token(path, api_secret, {"drm_policy_id": drm_policy_id})
    return f"https://cdn.jwplayer.com{path}?drm_policy_id={drm_policy_id}&token={token}"

if __name__ == "__main__":
    parser = argparse.ArgumentParser()
    parser.add_argument("site_id", help="Site ID where the media exists")
    parser.add_argument("media_id", help="Media ID to request")
    parser.add_argument("drm_policy_id", help="DRM Policy settings to apply to session")
    parser.add_argument("api_secret", help="V1 API Secret for DRM-enabled property")
    args = parser.parse_args()
    signed_drm_url = generate_signed_drm_url(args.site_id, args.media_id, args.drm_policy_id, args.api_secret)
    print(signed_drm_url)