Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Android app server url does not support HTTP basic authentication #6613

Closed
diafygi opened this issue May 7, 2020 · 1 comment
Closed

Android app server url does not support HTTP basic authentication #6613

diafygi opened this issue May 7, 2020 · 1 comment
Labels
android Issue related to the Android operating system invalid Issue is deemed to not apply / be feasible

Comments

@diafygi
Copy link

diafygi commented May 7, 2020

Description

When adding HTTP basic access authentication to the nginx config, the server url in the mobile app settings removes the credentials and does not work. However, the authenticated server url works perfectly when using a desktop browser. Also discussed here: https://community.jitsi.org/t/enabling-http-authentication-using-docker-jitsi-meet/32797/2

Current behavior

In the Android app > Settings > Server URL, if I try to input a server url that includes basic credentials (e.g. https://user:pass@meet.mydomain.com/) the app automatically changes the url to remove the username and password (e.g. https://meet.mydomain.com/).

Expected Behavior

The server url should be able to handle http basic username/password values in the server url.

Possible Solution

Enable HTTP basic auth support for the mobile apps in server urls.

Steps to reproduce

  1. Create a basic username password file.
echo "myuser:mypassword" > /path/to/my.htpasswd
  1. Add HTTP basic authentication to the default nginx config so that users are asked to authenticate
server {
    listen 443;
    ...

    auth_basic "Login Required";
    auth_basic_user_file /path/to/my.htpasswd;

    ...
}
  1. Verify the authentication works using a server url with basic auth credentials.
Open in browser: https://myuser:mypassword@meet.mydomain.com/
  1. Open the Android/iOS app and try to set the authenticated server url in your settings.
Settings > Server URL > https://myuser:mypassword@meet.mydomain.com/
  1. The app removes the basic auth credentials and isn't able to connect to the server.
https://myuser:mypassword@meet.mydomain.com/ --> https://meet.mydomain.com/

Environment details

Tested on Android app 20.2.3 build 4129209
@Echolon Echolon added the android Issue related to the Android operating system label May 13, 2020
@saghul
Copy link
Member

saghul commented May 13, 2020

The mobile apps are not browsers, thus they won't repond to HTTP auth. If you want to protect your deployment with authentication you should use XMPP authentication, which Jitsi Meet supports: https://github.com/jitsi/jicofo/#secure-domain

@saghul saghul closed this as completed May 13, 2020
@luixxiul luixxiul added the invalid Issue is deemed to not apply / be feasible label May 13, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
android Issue related to the Android operating system invalid Issue is deemed to not apply / be feasible
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@saghul @diafygi @luixxiul @Echolon