Can anybody help me in this?

I want to develop a website where videos are listed from AWS S3 bucket, and each video will have some amount to pay before user can watch. once user purchased that video he can watch that video lifetime only via jw player of my website.

I have researched and found Cloudfront Signed URL and Signed cookies, but that URL will have expiry date and that url can be access by any of the user through my website by just simply using any registered users signed URL in jw player.

Is there any way where i can get the HLS or RTMP video url only if user is Authenticated using cloudfront object without bucket Origin Access identity