Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support bearer token authentication #3248

Closed
neilyoung opened this issue Apr 15, 2024 · 6 comments
Closed

Support bearer token authentication #3248

neilyoung opened this issue Apr 15, 2024 · 6 comments
Labels
enhancement New feature or request webrtc

Comments

@neilyoung
Copy link

Describe the feature

Description

I hope it's not again an RTMF issue and it's all long time realised and documented, but at the moment it seems to me that MediaMTX supports BASIC and DIGEST authentication only for WebRTC WHIP/WHEP. IMHO the RFC mandates bearer token authentication, so it would be great, if that could be supported.

@aler9 aler9 added enhancement New feature or request webrtc labels May 24, 2024
@kaitlynia
Copy link

Not only is this mandated by RFC, but OBS supports this in the UI for WHIP and it was a source of confusion for me when I assumed this was the method that MediaMTX handled JWT-based auth, but was disappointed to find out that it's just more URL-parameterized auth.

@aler9
Copy link
Member

aler9 commented Jun 11, 2024

In order to cover all possible cases, i'll implement WHEP Bearer authentication in a way that is compatible with all available authentication mechanisms (currently internal, HTTP, JWT).

@aler9
Copy link
Member

aler9 commented Jun 11, 2024

solved by #3458 and #3459

@neilyoung
Copy link
Author

neilyoung commented Jun 12, 2024

Nicely done! Not sure if it was intended, but it is even possible to mix JWT bearer authentication with an existing DIY HTTP authentication service (in order to prevent to be forced to support JWKS or introduce yet another instance like keycloak or friends).

I'm configuring authHTTPAddress to a Node JS server instance I wrote to support RTSP authentication via username:password and setting authMethod: http but leaving authJWTJWKS empty. I see it is possible to do even JWT authentication by parsing the query transported:

AUTH {
  ip: '127.0.0.1',
  user: '',
  password: '',
  action: 'publish',
  path: 'toast',
  protocol: 'webrtc',
  id: '06960ca9-3266-482d-a8bd-2532e955ebfb',
  query: 'jwt=eyJhbGci.....Qac6c5xBrdAk&mode=inference'
}

Two birds with one stone. Great. Thanks for having added support for this.

Copy link
Contributor

This issue is mentioned in release v1.8.3 🚀
Check out the entire changelog by clicking here

Copy link
Contributor

This issue is being locked automatically because it has been closed for more than 6 months.
Please open a new issue in case you encounter a similar problem.

@github-actions github-actions bot locked and limited conversation to collaborators Dec 16, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
enhancement New feature or request webrtc
Projects
None yet
Development

No branches or pull requests

3 participants