fanout / django-eventstream

Server-Sent Events for Django
MIT License

save signed metadata in next link #19

Closed jkarneges closed 6 years ago

jkarneges commented 6 years ago

This puts the current channels and user ID in the Grip-Link URL, signed in a JWT using settings.SECRET_KEY. When the proxy makes a request to the URL, the supplied channels are used instead of calling get_channels_for_request, and the supplied user is passed to any can_read_channel calls.

Basically this makes channel auth by Django user actually work. The first request uses normal auth, and subsequent requests use custom auth via the special JWT.

A notable side-effect of this change is you can't change the channels of a stream once it starts (which was possible when get_channels_for_request was called every time), but this is a pretty strange thing to need to do. Revoking access is still possible since can_read_channel is still called as normal.

Code needs testing.
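
The scheme described in this pull request, as an added example that is not the PR's code or django-eventstream's implementation: a standard-library HS256 JWT carries the channels and user ID in the next link, and the follow-up request trusts those values only after the signature verifies, while the per-channel read check still runs. The `link_token` parameter name, the demo secret, and the `can_read_channel(user_id, channel)` callable shape are assumptions.

```python
import base64, hashlib, hmac, json
from urllib.parse import parse_qs, urlencode, urlparse

SECRET_KEY = "constructed-demo-secret"  # stands in for settings.SECRET_KEY
PARAM = "link_token"                    # hypothetical query parameter name

def b64e(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mac(signing_input):
    return hmac.new(SECRET_KEY.encode(), signing_input.encode(), hashlib.sha256).digest()

def sign_link_token(channels, user_id):
    """HS256 JWT carrying the stream's channels and user ID."""
    header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps({"channels": list(channels), "user": user_id}).encode())
    return f"{header}.{body}.{b64e(mac(header + '.' + body))}"

def verify_link_token(token):
    """Return the claims, or None if the token is malformed or not signed by us."""
    try:
        header, body, sig = token.split(".")
        # The algorithm is pinned to HMAC-SHA256; the header's "alg" is never consulted.
        if not hmac.compare_digest(mac(header + "." + body), b64d(sig)):
            return None
        return json.loads(b64d(body))
    except ValueError:  # wrong segment count, bad base64, bad JSON
        return None

def next_link(base_url, channels, user_id):
    """URL handed to the proxy for its follow-up request."""
    query = urlencode({PARAM: sign_link_token(channels, user_id)})
    return f"{base_url}?{query}"

def channels_for_proxy_request(url, can_read_channel):
    """Channels to serve on a follow-up request, or None if the token is invalid."""
    token = parse_qs(urlparse(url).query).get(PARAM, [""])[0]
    claims = verify_link_token(token)
    if claims is None:
        return None  # caller rejects or falls back to normal auth
    # The signed channel list is fixed for the stream's lifetime, but the read
    # check runs on every request, so access can still be revoked.
    return [c for c in claims["channels"] if can_read_channel(claims["user"], c)]
```
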