search

bluenviron / mediamtx

Ready-to-use SRT / WebRTC / RTSP / RTMP / LL-HLS media server and media proxy that allows to read, publish, proxy, record and playback video and audio streams.
MIT License
12.09k stars 1.52k forks source link

RTMP with JWT Authentication "token contains an invalid number of segments" #3884

Open creichert-iais opened 4 days ago

creichert-iais commented 4 days ago

Which version are you using?

v1.9.2-8-f2318375-dirty

Which operating system are you using?

Linux arm64 Docker

Describe how to replicate the issue

I am currently trying to stream an rtmp stream with rtmp using JWT as authentication.

  1. start the server
  2. publish with ffmpeg: ffmpeg -f dshow -i video="Integrated Webcam" -f flv rtmp://localhost:1935/testStream?jwt=MY_JWT

If I try this beforehand without authentication, everything works fine, with JWT authentication I can use RTSP, WebRTC etc., but not RTMP.

Server logs

That is all i got: 2024/10/17 07:46:20 INF [RTMP] [conn 172.26.0.1:59112] closed: authentication failed: token is malformed: token contains an invalid number of segments

Network dump

No response

tadeu390 commented 2 days ago

I'm experiencing the same problem, but I'm trying to publish to the RTSP port. I tried publishing to the RTMP port like you did and I get the same thing you reported. But in my case, as it is RTSP, the following output appears in the mediamtx logs:

stream-server  | 2024/10/19 22:23:19 INF [RTSP] [conn 127.0.0.1:59100] opened
stream-server  | 2024/10/19 22:23:19 DEB [RTSP] [conn 127.0.0.1:59100] [c->s] OPTIONS rtsp://localhost:8554/cam-5650ed52368c53204b349?jwt=eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJYNGpXN1ZjejNSTUZkRjVQUEo4YWxnbjJodnpXQkEzWDlYc0UwUkFrUXhVIn0.eyJleHAiOjE3MjkzNzY4NjYsImlhdCI6MTcyOTM3NjU2NiwianRpIjoiYjM3MDNlN2YtNGY2NS00ZjI3LWJkMjQtODBlZWVlMzkwZTcyIiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgzL3JlYWxtcy9tZWRpYW10eCIsImF1ZCI6ImFjY291bnQiLCJzdWIiOiI1YjExZjY2NS04ZWQ1LTQ0N2UtOGUwMi01MzE0NzE1ZmIyY2EiLCJ0eXAiOiJCZWFyZXIiLCJhenAiOiJtZWRpYW10eCIsInNlc3Npb25fc3RhdGUiOiIxM2I1MTczMy1mNDgyLTQwZDMtODNmNS1hMjE3ZDhiNTgwNWMiLCJhY3IiOiIxIiwiYWxsb3dlZC1vcmlnaW5zIjpbIi8qIl0sInJlYWxtX2FjY2VzcyI6eyJyb2xlcyI6WyJvZmZsaW5lX2FjY2VzcyIsInVtYV9hdXRob3JpemF0aW9uIiwiZGVmYXVsdC1yb2xlcy1tZWRpYW10eCJdfSwicmVzb3VyY2VfYWNjZXNzIjp7ImFjY291bnQiOnsicm9sZXMiOlsibWFuYWdlLWFjY291bnQiLCJtYW5hZ2UtYWNjb3VudC1saW5rcyIsInZpZXctcHJvZmlsZSJdfX0sInNjb3BlIjoibWVkaWFtdHggcHJvZmlsZSBlbWFpbCIsInNpZCI6IjEzYjUxNzMzLWY0ODItNDBkMy04M2Y1LWEyMTdkOGI1ODA1YyIsImVtYWlsX3ZlcmlmaWVkIjpmYWxzZSwibWVkaWFtdHhfcGVybWlzc2lvbnMiOlt7ImFjdGlvbiI6InB1Ymxpc2giLCJwYXRoIjoiIn0seyJhY3Rpb24i RTSP/1.0
stream-server  | CSeq: 1
stream-server  | User-Agent: Lavf60.16.100
stream-server  |
stream-server  |
stream-server  | 2024/10/19 22:23:19 DEB [RTSP] [conn 127.0.0.1:59100] [s->c] RTSP/1.0 200 OK
stream-server  | CSeq: 1
stream-server  | Public: DESCRIBE, ANNOUNCE, SETUP, PLAY, RECORD, PAUSE, GET_PARAMETER, TEARDOWN
stream-server  | Server: gortsplib
stream-server  |
stream-server  |
stream-server  | 2024/10/19 22:23:19 DEB [RTSP] [conn 127.0.0.1:59100] [c->s] ANNOUNCE rtsp://localhost:8554/cam-5650ed52368c53204b349?jwt=eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJYNGpXN1ZjejNSTUZkRjVQUEo4YWxnbjJodnpXQkEzWDlYc0UwUkFrUXhVIn0.eyJleHAiOjE3MjkzNzY4NjYsImlhdCI6MTcyOTM3NjU2NiwianRpIjoiYjM3MDNlN2YtNGY2NS00ZjI3LWJkMjQtODBlZWVlMzkwZTcyIiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgzL3JlYWxtcy9tZWRpYW10eCIsImF1ZCI6ImFjY291bnQiLCJzdWIiOiI1YjExZjY2NS04ZWQ1LTQ0N2UtOGUwMi01MzE0NzE1ZmIyY2EiLCJ0eXAiOiJCZWFyZXIiLCJhenAiOiJtZWRpYW10eCIsInNlc3Npb25fc3RhdGUiOiIxM2I1MTczMy1mNDgyLTQwZDMtODNmNS1hMjE3ZDhiNTgwNWMiLCJhY3IiOiIxIiwiYWxsb3dlZC1vcmlnaW5zIjpbIi8qIl0sInJlYWxtX2FjY2VzcyI6eyJyb2xlcyI6WyJvZmZsaW5lX2FjY2VzcyIsInVtYV9hdXRob3JpemF0aW9uIiwiZGVmYXVsdC1yb2xlcy1tZWRpYW10eCJdfSwicmVzb3VyY2VfYWNjZXNzIjp7ImFjY291bnQiOnsicm9sZXMiOlsibWFuYWdlLWFjY291bnQiLCJtYW5hZ2UtYWNjb3VudC1saW5rcyIsInZpZXctcHJvZmlsZSJdfX0sInNjb3BlIjoibWVkaWFtdHggcHJvZmlsZSBlbWFpbCIsInNpZCI6IjEzYjUxNzMzLWY0ODItNDBkMy04M2Y1LWEyMTdkOGI1ODA1YyIsImVtYWlsX3ZlcmlmaWVkIjpmYWxzZSwibWVkaWFtdHhfcGVybWlzc2lvbnMiOlt7ImFjdGlvbiI6InB1Ymxpc2giLCJwYXRoIjoiIn0seyJhY3Rpb24i RTSP/1.0
stream-server  | CSeq: 2
stream-server  | Content-Length: 309
stream-server  | Content-Type: application/sdp
stream-server  | User-Agent: Lavf60.16.100
stream-server  |
stream-server  | v=0
stream-server  | o=- 0 0 IN IP4 127.0.0.1
stream-server  | s=Media Presentation
stream-server  | c=IN IP4 127.0.0.1
stream-server  | t=0 0
stream-server  | a=tool:libavformat 60.16.100
stream-server  | m=video 0 RTP/AVP 96
stream-server  | b=AS:600
stream-server  | a=rtpmap:96 H264/90000
stream-server  | a=fmtp:96 packetization-mode=1; sprop-parameter-sets=Z0LAKNoB4AiflmyAAAADAIAAAB4HjBlQ,aM48gA==; profile-level-id=42C028
stream-server  | a=control:streamid=0
stream-server  |
stream-server  | 2024/10/19 22:23:19 INF [RTSP] [session 2834564c] created by 127.0.0.1:59100
stream-server  | 2024/10/19 22:23:19 DEB [RTSP] [conn 127.0.0.1:59100] [s->c] RTSP/1.0 401 Unauthorized
stream-server  | CSeq: 2
stream-server  | Server: gortsplib
stream-server  | WWW-Authenticate: Basic realm="IPCAM"
stream-server  |
stream-server  |
stream-server  | 2024/10/19 22:23:19 DEB [RTSP] [conn 127.0.0.1:59100] [c->s] ANNOUNCE rtsp://localhost:8554/cam-5650ed52368c53204b349?jwt=eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJYNGpXN1ZjejNSTUZkRjVQUEo4YWxnbjJodnpXQkEzWDlYc0UwUkFrUXhVIn0.eyJleHAiOjE3MjkzNzY4NjYsImlhdCI6MTcyOTM3NjU2NiwianRpIjoiYjM3MDNlN2YtNGY2NS00ZjI3LWJkMjQtODBlZWVlMzkwZTcyIiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgzL3JlYWxtcy9tZWRpYW10eCIsImF1ZCI6ImFjY291bnQiLCJzdWIiOiI1YjExZjY2NS04ZWQ1LTQ0N2UtOGUwMi01MzE0NzE1ZmIyY2EiLCJ0eXAiOiJCZWFyZXIiLCJhenAiOiJtZWRpYW10eCIsInNlc3Npb25fc3RhdGUiOiIxM2I1MTczMy1mNDgyLTQwZDMtODNmNS1hMjE3ZDhiNTgwNWMiLCJhY3IiOiIxIiwiYWxsb3dlZC1vcmlnaW5zIjpbIi8qIl0sInJlYWxtX2FjY2VzcyI6eyJyb2xlcyI6WyJvZmZsaW5lX2FjY2VzcyIsInVtYV9hdXRob3JpemF0aW9uIiwiZGVmYXVsdC1yb2xlcy1tZWRpYW10eCJdfSwicmVzb3VyY2VfYWNjZXNzIjp7ImFjY291bnQiOnsicm9sZXMiOlsibWFuYWdlLWFjY291bnQiLCJtYW5hZ2UtYWNjb3VudC1saW5rcyIsInZpZXctcHJvZmlsZSJdfX0sInNjb3BlIjoibWVkaWFtdHggcHJvZmlsZSBlbWFpbCIsInNpZCI6IjEzYjUxNzMzLWY0ODItNDBkMy04M2Y1LWEyMTdkOGI1ODA1YyIsImVtYWlsX3ZlcmlmaWVkIjpmYWxzZSwibWVkaWFtdHhfcGVybWlzc2lvbnMiOlt7ImFjdGlvbiI6InB1Ymxpc2giLCJwYXRoIjoiIn0seyJhY3Rpb24i RTSP/1.0
stream-server  | CSeq: 3
stream-server  | Content-Length: 309
stream-server  | Content-Type: application/sdp
stream-server  | User-Agent: Lavf60.16.100
stream-server  |
stream-server  | v=0
stream-server  | o=- 0 0 IN IP4 127.0.0.1
stream-server  | s=Media Presentation
stream-server  | c=IN IP4 127.0.0.1
stream-server  | t=0 0
stream-server  | a=tool:libavformat 60.16.100
stream-server  | m=video 0 RTP/AVP 96
stream-server  | b=AS:600
stream-server  | a=rtpmap:96 H264/90000
stream-server  | a=fmtp:96 packetization-mode=1; sprop-parameter-sets=Z0LAKNoB4AiflmyAAAADAIAAAB4HjBlQ,aM48gA==; profile-level-id=42C028
stream-server  | a=control:streamid=0
stream-server  |
stream-server  | 2024/10/19 22:23:19 DEB [RTSP] [conn 127.0.0.1:59100] [s->c] RTSP/1.0 401 Unauthorized
stream-server  | CSeq: 3
stream-server  | Server: gortsplib
stream-server  | WWW-Authenticate: Basic realm="IPCAM"
stream-server  |
stream-server  |
stream-server  | 2024/10/19 22:23:19 INF [RTSP] [conn 127.0.0.1:59100] closed: EOF
stream-server  | 2024/10/19 22:23:19 INF [RTSP] [session 2834564c] destroyed: not in use

I validated this token in keycloak and it is a valid token (I configured permission to publish and read). With this same token I can perform a read operation on mediamtx, that is, I can read on the HLS port. For me, just publish what isn't working.

I'm using the latest release of mediamtx(mediamtx_v1.9.2_linux_amd64) on alpine linux. I'm running on docker.

This is my command line: 

ffmpeg -use_wallclock_as_timestamps 1 -rtsp_transport tcp -timeout 10000000  -i rtsp://teste:teste@teste.com.br:557/Streaming/Channels/1/ -pix_fmt yuvj420p -c:v libx264 -preset ultrafast -b:v 600k -an -filter:v fps=30 -f rtsp rtsp://localhost:8554/cam-5650ed52368c53204b349?jwt=eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJYNGpXN1ZjejNSTUZkRjVQUEo4YWxnbjJodnpXQkEzWDlYc0UwUkFrUXhVIn0.eyJleHAiOjE3MjkzNzY4NjYsImlhdCI6MTcyOTM3NjU2NiwianRpIjoiYjM3MDNlN2YtNGY2NS00ZjI3LWJkMjQtODBlZWVlMzkwZTcyIiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgzL3JlYWxtcy9tZWRpYW10eCIsImF1ZCI6ImFjY291bnQiLCJzdWIiOiI1YjExZjY2NS04ZWQ1LTQ0N2UtOGUwMi01MzE0NzE1ZmIyY2EiLCJ0eXAiOiJCZWFyZXIiLCJhenAiOiJtZWRpYW10eCIsInNlc3Npb25fc3RhdGUiOiIxM2I1MTczMy1mNDgyLTQwZDMtODNmNS1hMjE3ZDhiNTgwNWMiLCJhY3IiOiIxIiwiYWxsb3dlZC1vcmlnaW5zIjpbIi8qIl0sInJlYWxtX2FjY2VzcyI6eyJyb2xlcyI6WyJvZmZsaW5lX2FjY2VzcyIsInVtYV9hdXRob3JpemF0aW9uIiwiZGVmYXVsdC1yb2xlcy1tZWRpYW10eCJdfSwicmVzb3VyY2VfYWNjZXNzIjp7ImFjY291bnQiOnsicm9sZXMiOlsibWFuYWdlLWFjY291bnQiLCJtYW5hZ2UtYWNjb3VudC1saW5rcyIsInZpZXctcHJvZmlsZSJdfX0sInNjb3BlIjoibWVkaWFtdHggcHJvZmlsZSBlbWFpbCIsInNpZCI6IjEzYjUxNzMzLWY0ODItNDBkMy04M2Y1LWEyMTdkOGI1ODA1YyIsImVtYWlsX3ZlcmlmaWVkIjpmYWxzZSwibWVkaWFtdHhfcGVybWlzc2lvbnMiOlt7ImFjdGlvbiI6InB1Ymxpc2giLCJwYXRoIjoiIn0seyJhY3Rpb24iOiJyZWFkIiwicGF0aCI6IiJ9XSwicHJlZmVycmVkX3VzZXJuYW1lIjoidGVzdHVzZXIifQ.KGnDvJ85H3Lh-zjSWedYHeK3TXcUqSK1jBGj2CKFTUH2OPGpTzriOPgM_Xlg7mHsAX3CC8lHM5BkZ80FqMyBuifXbhlgTa6R7h_agFYipEi3ZrTLvP1b9ofuFhKnCd7dlgLCcE-6L4NMOYZ5lMRdxrcNa-K7yspkZqfuwR4irKqFpwwa4Qk5ShqbCCFaJKDt03gOyzY4-yuV_SEGypABOrrlt_i1i-yjkb8qQmSteULjsTUa_M-LHP2kfa80kqLLAtP3tvbLu0R4FteGv5g1VYLgKSrLFFfksv-Il9WpfDWAlipLpCcdbTvBXgm6R8E4nEUHsVJzrL6XphVLjvSY3g

And this is the output of the ffmpeg command:

[rtsp @ 0x7faa627fb780] method ANNOUNCE failed: 401 Unauthorized
[out#0/rtsp @ 0x7faa61710400] Could not write header (incorrect codec parameters ?): Server returned 401 Unauthorized (authorization failed)
Error while filtering: Server returned 401 Unauthorized (authorization failed)
[out#0/rtsp @ 0x7faa61710400] Nothing was written into output file, because at least one of its streams received no packets.