mqp
commented
3 years ago That sounds like a totally reasonable thing to have.
Closed vincentfretin closed 3 years ago
mqp
commented
3 years ago That sounds like a totally reasonable thing to have.
mqp
commented
3 years ago I think I would prefer to implement it slightly differently. I would consider join_hub and kick_users "what you can do" fields, and room_ids the "where you can do it" field, where the lack of room_ids implies "everywhere". So the token you want would have both join_hub and room_ids specified. That seems like a simpler way to think about it.
vincentfretin
commented
3 years ago That can work too. This is why I asked for opinion, thanks. ;-) I'll probably work on this next month.
mqp
commented
3 years ago Oops, I did it!
vincentfretin
commented
3 years ago :D Thank you. I'll create more issues like this if you can't help yourself of implementing it. ;-)
mqp
commented
3 years ago I'm having fun working on this a little bit so go for it.
Related to the JWT (see https://github.com/mozilla/janus-plugin-sfu/issues/77). Currently the JWT content can contains
{ join_hub: true, kick_users: true }because the security model of Hubs was giving access to all rooms in the Hubs Cloud instance. For my use case, I may need more security, only giving access to one or more rooms so I think it would make sense to add an additional optional room_ids parameter like this{ kick_users: true, room_ids: ["123", "456"] }(make it plural to support main room with breakout rooms right away) room_ids and join_hub should be mutually exclusive, only one of this parameter should be in the JWT. Thoughts?