Closed statmatt closed 9 months ago
External auth with an HMAC token passed in as a query parameter works well for RTSP, RTMP, WHEP. I am using Node-RED as my external verifier.
Hello, I think we're dealing with two different issues here:
Regarding the ability to use URLs with embedded credentials (i.e. http://user:pass@host), this feature is not mandatory to use, is not recommended in any way by the README, and the reason why it is blocked by browsers is unrelated to the underlying authentication mechanism: it is blocked to prevent users from sharing their credentials by mistake, whichever credentials they are using (and they can be JWT, HMAC, SHA, etc.). Moving credentials into query parameters would incur the security issue I just mentioned. Therefore, credentials must be left where they are, for the moment.
Regarding support for different authentication methods, I think we can add native support for JWTs and LDAP, although both methods can already be implemented by using the external authentication specification.
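The approach discussed in the comments above (an HMAC token in the query string, checked by an external verifier), as an added example that is not code from this thread, from the commenter's Node-RED flow, or from the MediaMTX project. It shows the decision function such a verifier would call, with the token bound to one path, one action and an expiry so that a URL shared by mistake stops working and grants nothing else. The request field names (`action`, `path`, `query`), the `exp` and `sig` parameter names, the signed message layout and the key are assumptions.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qs

# Constructed demo key; a real verifier loads its key from a secret store.
SECRET = b"constructed-demo-key"


def sign(path, action, expires, key=SECRET):
    """Issue a token bound to one path, one action and an expiry (Unix time)."""
    msg = f"{action}\n{path}\n{expires}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def verify(request, now=None, key=SECRET):
    """Return True to accept the stream request, False to refuse it.

    `request` is the decoded body the media server sends to the verifier.
    Assumed fields: "action", "path", and "query" (the raw query string of
    the client's URL, e.g. "exp=1700000600&sig=<hex>").
    """
    now = time.time() if now is None else now
    params = parse_qs(request.get("query") or "")
    exp_values = params.get("exp", [])
    sig_values = params.get("sig", [])
    # Refuse missing or repeated parameters rather than guess which one wins.
    if len(exp_values) != 1 or len(sig_values) != 1:
        return False
    try:
        expires = int(exp_values[0])
    except ValueError:
        return False
    if expires < now:
        return False  # expired: a leaked URL is only useful until `exp`
    expected = sign(request.get("path") or "", request.get("action") or "",
                    expires, key)
    # Constant-time comparison: no timing signal about how much of sig matched.
    return hmac.compare_digest(expected.encode(), sig_values[0].encode())
```

The token still appears in URLs, logs and browser history, so the expiry should be short.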
This issue is mentioned in release v1.6.0 🚀
This issue is being locked automatically because it has been closed for more than 6 months. Please open a new issue in case you encounter a similar problem.
Describe the feature
The current simple user:pass@host scheme used for basic auth is blocked by most browsers due to SRI. Thus, the instructions to embed links from the MediaMTX server with this authentication are blocked. The documentation does not provide any real alternatives (for example, externalAuthentication, would it work, or would that also block the ingestion from RTSP proxy source?)