diff --git a/theolive/distribution/security/token-based-security.mdx b/theolive/distribution/security/token-based-security.mdx index 8e646a3b3979..ee6e1e0b7236 100644 --- a/theolive/distribution/security/token-based-security.mdx +++ b/theolive/distribution/security/token-based-security.mdx @@ -47,14 +47,14 @@ Requests without a valid token are rejected. If the distribution does not have t The JWT token supports a custom `optiview` claim that enables fine-grained access control. When present, the claim restricts token usage based on channel, geography, or device type. -| Property | Type | Description | -| -------- | ---------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| `ch` | `string[]` | Channel ID(s). If present, the token can exclusively be used for a channel in this list. | -| `cc` | `string[]` | Country code(s) in [ISO 3166-1 alpha-2](https://en.wikipedia.org/wiki/ISO_3166-1) format (e.g. `"US"`, `"BE"`). If present, the token can exclusively be used for a country in this list. | -| `rgn` | `string[]` | Region code(s) using the subdivision codes defined in [ISO 3166-2](https://en.wikipedia.org/wiki/ISO_3166-2), only supported for US regions (e.g. `"US-CA"`, `"US-NY"`). If present, the token can exclusively be used for a region in this list. If the viewer's region cannot be determined, the request is denied. | -| `hw` | `string[]` | Device type(s). If present, the token can exclusively be used by a device type in this list. Possible values: `"desktop"`, `"mobile"`, `"tv"`. If the viewer's device type cannot be determined, this restriction is skipped. | -| `tid` | string | Tracking ID. A group identifier string used to correlate viewers. | -| `cvd` | string | Custom viewer data. Arbitrary string attached to the session, e.g. an individual identifier to uniquely identify a viewer. | +| Property | Type | Description | +| -------- | ---------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `ch` | `string[]` | Channel ID(s). If present, the token can exclusively be used for a channel in this list. | +| `cc` | `string[]` | Country code(s) in [ISO 3166-1 alpha-2](https://en.wikipedia.org/wiki/ISO_3166-1) format (e.g. `"US"`, `"BE"`). If present, the token can exclusively be used for a country in this list. | +| `rgn` | `string[]` | Region code(s) using the subdivision codes defined in [ISO 3166-2](https://en.wikipedia.org/wiki/ISO_3166-2), only supported for the United States and Canada regions (e.g. `"US-CA"`, `"US-NY"`). If present, the token can exclusively be used for a region in this list. If the viewer's region cannot be determined, the request is denied. | +| `hw` | `string[]` | Device type(s). If present, the token can exclusively be used by a device type in this list. Possible values: `"desktop"`, `"mobile"`, `"tv"`. If the viewer's device type cannot be determined, this restriction is skipped. | +| `tid` | string | Tracking ID. A group identifier string used to correlate viewers. | +| `cvd` | string | Custom viewer data. Arbitrary string attached to the session, e.g. an individual identifier to uniquely identify a viewer. | All properties are optional. When a property is omitted, no restriction is applied for that dimension.