Open in app

Sign in

Write

Sign in

Common Access Token Interoperability Testing with Open Source Cloud

Eyevinn Technology
4 min readMar 15, 2025

--

Common Access Token (CAT) is a simple, extensible, policy-bearing bearer token for content access. The primary use case for this token is to allow content providers to enforce access policies efficiently, flexibly, and interoperably. This token is usable as an OAUTH bearer token, a URI signing token, or more generally as a mechanism for conveying delivery policy.

A standard developed by Web Application Video Ecosystem (CTA-WAVE) and specified in document CTA-5007.

To facilitate for a broader adoption an open web service in Eyevinn Open Source Cloud based on open source is available and can be used for interoperability testing an implementation of CAT.

Interoperability testing with open web service in Eyevinn Open Source Cloud

When implementing and adopting to a new standard it is critical that you can validate your implementation with another party. In this blog we will describe how to get started.

To follow the tutorial in this blog you need an Eyevinn Open Source Cloud account. Sign up for an account here.

One service (at a time) is included in the Basic tier so you can try this out all for free.

Obtain an OSC Personal Access Token

Your personal access token grants you access the Open Source Cloud APIs that we will use. Navigate to Settings / API in the Open Source Cloud web console.

Copy the personal access token and save it as an environment variable OSC_ACCESS_TOKEN in your terminal.

% export OSC_ACCESS_TOKEN=<your-personal-access-token>

Depending on which part of the CAT implementation you want to verify you can either generate a common access token to verify that your validation process is according to the specification, or validate a common access token that you have generated.

First we will install the Eyevinn OSC client SDK for Javascript.

% npm install --save @osaas/client-core @osaas/client-web

Generate a Common Access Token

To verify that your CAT validation implementation is interoperable with another part we will generate a common access token using the client SDK.

import { Context } from '@osaas/client-core';
import { generateCommonAccessToken } from '@osaas/client-web';

const ctx = new Context();
const token = await generateCommonAccessToken(
  ctx,
  {
    iss: 'eyevinn',
    sub: 'jonas'
  },
  {
    signingKey:
      '403697de87af64611c1d32a05dab0fe1fcb715a86ab435f1ec99192d79569388'
  }
);

Adding this to an integration test (using Jest) could for example look like this.

import { Context } from '@osaas/client-core';
import { generateCommonAccessToken } from '@osaas/client-web';

describe('My CAT implementation', () => {
  test('can validate a token someone else generated', async () => {
    const ctx = new Context();
    const token = await generateCommonAccessToken(
      ctx,
      {
        iss: 'eyevinn',
        sub: 'jonas'
      },
      {
        signingKey:
          '403697de87af64611c1d32a05dab0fe1fcb715a86ab435f1ec99192d79569388'
      }
    );
    const result = MyCATValidator(token, '403697de87af64611c1d32a05dab0fe1fcb715a86ab435f1ec99192d79569388');
    expect(result.ok).toBe(true);
  });
});

Validate a Common Access Token

To verify that a common access token that your implementation has generated is interoperable with another validator we could write a test for that.

import { Context } from '@osaas/client-core';
import { validateCommonAccessToken } from '@osaas/client-web';

describe('My CAT implementation', () => {
  test('can generate a valid token', async () => {
    const token = MyCATGenerator(
      { iss: 'eyevinn' },
      '403697de87af64611c1d32a05dab0fe1fcb715a86ab435f1ec99192d79569388'
    );
    const ctx = new Context();
    const result = await validateCommonAccessToken(
      ctx,
      token,
      {
        signingKey:
          '403697de87af64611c1d32a05dab0fe1fcb715a86ab435f1ec99192d79569388'
      }
    );
    expect(result.payload).toEqual({ iss: 'eyevinn', ... });
  });
});

These tests and additional variants can be added and executed as part of a continuous integration testing pipeline.

Conclusion

With this open web service you can validate that your implementation of Common Access Token is interoperable with another party and you can include this validation as part of a continuous testing workflow.

Additional Resources

Join our Slack workspace for real-time support and to connect with other users.

We developed and launched Open Source Cloud to reduce the barrier to getting started with open source and at the same time contribute to a sustainable model for open source by giving back a share of the revenue to the creator.

Open source provides full transparency of the building blocks your solution is built on, and prevents you from being locked in with a single vendor.

Building solutions based on open source requires that you build, deploy, maintain, and host it yourself. What if it could be as easy that with only a click of a button, you can have it as software as a service? And that there was an easy way to support the creator financially?

This is what we solve with Open Source Cloud!

Eyevinn Technology helps companies in the TV, media, and entertainment sectors optimize costs and boost profitability through enhanced media solutions.

Common Access Token
Interoperability
Automated Testing
Open Source

--

--

Eyevinn Technology
Eyevinn Technology

Written by Eyevinn Technology

1.1K Followers
123 Following

We are consultants sharing the passion for the technology for a media consumer of the future.

No responses yet

Help

Status

About

Careers

Press

Blog

Privacy

Rules

Terms

Text to speech