Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Secret based streams authorization without rest api calls #717

Closed
Stinkie opened this issue Dec 18, 2018 · 0 comments
Closed

Secret based streams authorization without rest api calls #717

Stinkie opened this issue Dec 18, 2018 · 0 comments
Assignees

Comments

@Stinkie
Copy link

Stinkie commented Dec 18, 2018

General idea is to provide a hash from client which will be checked on ams side to authorize a user

Hashing algorithm looks like this

sha256(STREAM_ID + ROLE + SECRET) - hash of 3 concatenated strings

STREAM_ID - just the stream name - self explanatory
ROLE - string which values are ‘publish’ or ‘play’.
SECRET - random string which is shared by ams (via config) and party generating hash

So basically auth flow looks the same as for current implementation but token which is being sent through signaling looks like above

Should be an option to enable described logic via config.
Other thing is that we should be able to enable auth for each server and role independently - it means we can enable auth for publish and disable for subscribers. Each node should have it’s own config and perform auth accordingly.

There is no need for us to have logic above configurable via web interface but highly likely you’ll do it anyway for other customers

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants