atm0s-media-server icon indicating copy to clipboard operation
atm0s-media-server copied to clipboard

Published 20 hours ago verified publisher icon 8xFF

Feature: External authentication/authorization check

Open luongngocminh opened this issue 1 year ago • 8 comments
trafficstars

Pull Request

Description

To keep the server functionalities as simple and compact as possible, currently only JWT verification is used to allow users access to a room. But due to the requirements of modern video conferencing applications, further authentication functionalities are needed (Room participant controls like kicking, banning, ...). This PR is designed to keep the authen/author out of scope of the server core functions. Developer can now extends the authentication functions by providing a sort of "guard" API HTTP base endpoint. These "guard" are placed in-front of the authenticated SDK APIs:

  • /whip/create
  • /whep/create
  • /webrtc/connect
  • /webrtc/ice-restart The guard API endpoint should contain all of these APIs when --ext-auth-uri is provided for the server. The guard only check for success status from this API for the guard to be passed, if the API failed in any other way, the guard will return UNAUTHORIZED.

Changes

  • New argument for media/gateway server: --ext-auth-uri Option<String>. For example: http://example.com (without the backslash at the end of the string)

Related Issue

#378

Checklist

  • [x] I have tested the changes locally.
  • [x] I have reviewed the code changes.

luongngocminh avatar Aug 21 '24 11:08 luongngocminh