I was wondering what the best practice would be to keep track of the expiry date? In our case the KSM is returning relevant storage & playback duration data, so i have all the pieces to know when the key is about to expire, but should i handle those rules myself or is AVFoundation helping me in some way with this?
Thank you!
There are multiple ways you can go about this -
You get the expiration date off-band from your key server and track it yourself in the app after you create your offline key.
If you don't want to do that, you can use makeSecureTokenForExpirationDateOfPersistableContentKey:completionHandler: to query expiration date from AVFoundation. This generates a SPC which you can send to your key server to determine when it expires. Note that this involves an additional round trip to server compared to (1)
You can always delete the offline key you have in your app. Sometimes, your business rule demand that the offline key is securely deleted. You can use invalidatePersistableContentKey:options:completionHandler: or invalidateAllPersistableContentKeysForApp:options:completionHandler: to do that. When you use this, you will get a SPC which you can send to your key server and your key server can unwrap SPC and find out securely that the key was invalidated. Let's say if someone tries to reuse your offline key, after invalidation, they cannot anymore.