Hello,
The access-contrtol-allow-origin header itself only allows a single domain as the origin or * as a wildcard to allow anything, so multiple origins are not allowed in the JWT token.
A common use case with playback authorization is to have the IVS Player embedded in a website so the access-control-allow-origin can be set to the domain of that site, and therefore only allowing playback sessions to originate from the one domain.
In a case where multiple origins are required, an example implementation would be to have logic in an application that can determine the origin of a request, verify that it's in a list of approved origins, then set that origin in the JWT payload before signing and returning the playback URL + access token.
Please let us know if we can provide additional information.
Relevant questions
Multiple domains in aws:access-control-allow-origin JWT token config
asked 2 years agoCan Http Gateway get JWT from multiple places?
asked 2 years agoAWS ALB Cognito JWT/OIDC authentication
asked 8 months agoCreate domain association failed One or more domains requested are already associated with another Amplify app: bakeone.in, www.bakeone.in
asked 4 months agoVerify OpenId Connect token generated by Cognito Identity pool
Accepted Answerasked 4 years agoIs it possible to craft an identity source that will read the JWT from a cookie?
Accepted Answerasked 2 years agoCognito User pool with JWT token
Accepted Answerasked 5 months agoHTTP API with JWT Authoriser
asked 2 years agoJwt Authorizer with issuer in internal network
asked 6 months agoCan i use Id token, access token, refresh token in User pool to identity pool?
asked 4 months ago