Support more modern authentication mechanisms

[statmatt]

Describe the feature

The current simple user:pass@host scheme used for basic auth is blocked by most browsers due to SRI. Thus, the instructions to embed links from the mediamtx server with this authentication is blocked. The documentation does not provide any real alternatives (for example, externalAuthentication, would it work, or would that also block the ingestion from RTSP proxy source?)

[saket424]

external auth with hmac token passed in as a query parameter works well for rtsp, rtmp, whep. i am using nodered as my external verifier

[aler9]

Hello, I think we're dealing with two different issues here:

• regarding the ability to use URLs with embedded credentials (i.e. http://user:pass@host), this feature is not mandatory to use, is not recommended in any way by the README, and the reason why it is blocked by browsers is unrelated from the underlying authentication mechanism: it is blocked to avoid users from sharing their credentials by mistake, whichever credentials they are using (and they can be JWT, hmac, sha, etc). Moving credentials into query parameters would incur in the security issue i just mentioned. Therefore, credentials must be left when they are, for the moment.

• regarding support for different authentication methods, i think we can add native support for JWTs and LDAP, although both methods can be already implemented by using the external authentication specification.

[github-actions[bot]]

This issue is mentioned in release v1.6.0 🚀 Check out the entire changelog by clicking here