<div dir="ltr">I have to admit that even looking at the debug logs I cannot understand what's going on in your case.<div>As said I'm running an authentication scenario very similar to yours, being the challenge the only difference.</div><div>What I can suggest to further digging is to reduce your configuration as much as possible (e.g. I see that you are using topoh) and see if we can understand better what is causing the issue.</div><div><br></div><div>Cheers,</div><div><br></div><div>Federico</div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Feb 3, 2022 at 7:58 AM Olle E. Johansson <<a href="mailto:oej@edvina.net" target="_blank">oej@edvina.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div><br><div><br><blockquote type="cite"><div>On 2 Feb 2022, at 23:58, Cyril Ramière <<a href="mailto:cyril.ramiere@gmail.com" target="_blank">cyril.ramiere@gmail.com</a>> wrote:</div><br><div><div dir="ltr"><div dir="ltr">Hi Karsten,<div><br></div><div>Thanks for the clue, unfortunately I can't use this module because the clients are "dumb" sip phones.</div><div><br></div><div>The goal of my implementation is to use our application API to handle the login.</div><div><br></div><div>The plan was that a sip phone sends a REGISTER, I ask the API endpoint if this user/password is ok to connect and allow/deny based on the reply and informations provided by the API.</div><div><br></div><div>Everything is relying on the fact that I can make my HTTP call when handling the REGISTER, sadly for me, it doesn't work and I still can't figure why.</div></div></div></div></blockquote>Try http_client. I’ve used it a lot of time for authentication. It will block your thread while waiting for response, but you can handle some of those issues by caching secrets for a short time with htable.</div><div><br></div><div>/O<br><blockquote type="cite"><div><div dir="ltr"><div dir="ltr"><div><br></div><div>Cheers,</div><div><br></div><div>Cyril</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">Le mer. 2 févr. 2022 à 19:49, Karsten Horsmann <<a href="mailto:khorsmann@gmail.com" target="_blank">khorsmann@gmail.com</a>> a écrit :<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="auto">Hi Cyril,<div dir="auto"><br></div><div dir="auto">This Kamailio module could imho do the same </div><div dir="auto"><br></div><div dir="auto"><a href="https://www.kamailio.org/docs/modules/devel/modules/auth_ephemeral.html" target="_blank">https://www.kamailio.org/docs/modules/devel/modules/auth_ephemeral.html</a><br></div><div dir="auto"><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">Cyril Ramière <<a href="mailto:cyril.ramiere@gmail.com" target="_blank">cyril.ramiere@gmail.com</a>> schrieb am Do., 27. Jan. 2022, 08:04:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hi there,<div><br></div><div>I have a weird issue with kamailio (latest docker image kamailio-ci:5.5.2-alpine) and http_async_client.</div><div><br></div><div>Before posting a lot of logs, let me describe what I want to achieve.</div><div><br></div><div>I have a Kamailio and a SIP Phone.</div><div><br></div><div>The SIP phone sends a REGISTER to kamailio, then in my routing block, I check if I have an Authorization header.</div><div><br></div><div>Since I don't have an Authorization (first message), I use "www_challenge()".</div><div>This replies to the SIP phone, and then the SIP phone sends a new REGISTER with the correct Authorization header.</div><div><br></div><div>So far so good.</div><div><br></div><div>Now, when I get the REGISTER with Authorization header, I want to ask an HTTP endpoint if this user is allowed to connect and check the password using http_async_query().</div><div><br></div><div>The problem is that when the transaction resumes, the tmx module is unhappy and throws this error :</div><div><br></div><div><div style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Andale Mono";color:rgb(47,255,18);background-color:rgba(0,0,0,0.9)"><span style="font-variant-ligatures:no-common-ligatures">30(36) CRITICAL: tmx [t_var.c:546]: pv_get_tm_reply_code(): no picked branch (-1) for a final response in MODE_ONFAILURE</span></div></div><div><br></div><div>And a 500 error is sent back to the sip phone.</div><div>The AUTH_REPLY route is still called and I can use the $http* values.</div><div><br></div><div>Do you see something that I am doing wrong or missing in my logic?</div><div>Is pausing/resuming to use the async http client is allowed if I'm handling a REGISTER transaction?</div><div><br></div><div>Here's a simplified version of my routing block (not far from reality):</div><div><br></div><div>##### SNIP </div><div><br></div><div><pre style="color:rgb(36,41,46);font-family:Menlo,monospace">request_route{</pre><pre style="color:rgb(36,41,46);font-family:Menlo,monospace">route(AUTH);</pre><pre style="color:rgb(36,41,46);font-family:Menlo,monospace"><br></pre><pre style="color:rgb(36,41,46);font-family:Menlo,monospace">route[AUTH]{</pre><pre style="color:rgb(36,41,46);font-family:Menlo,monospace"><pre style="font-family:Menlo,monospace"> if (is_method(<span style="color:rgb(3,47,98)">"REGISTER"</span>){</pre><pre style="font-family:Menlo,monospace"> if(no_auth_header){</pre><pre style="font-family:Menlo,monospace"> www_challenge(<span style="color:rgb(3,47,98)">"$td"</span>,<span style="color:rgb(3,47,98)">"1"</span>)<span style="color:rgb(106,115,125)">;</span></pre><pre style="font-family:Menlo,monospace"><span style="color:rgb(106,115,125)"> exit;</span></pre><pre style="font-family:Menlo,monospace"> }</pre><pre style="font-family:Menlo,monospace"> else{</pre><pre style="font-family:Menlo,monospace"> t_newtran();</pre><pre style="font-family:Menlo,monospace"> http_async_query(<span style="color:rgb(3,47,98)">"<a href="http://xxx.xxx.xxx.xxx:9000/auth?foo=bar" rel="noreferrer" target="_blank">http://xxx.xxx.xxx.xxx:9000/auth?foo=bar</a>"</span>, <span style="color:rgb(3,47,98)">"AUTH_REPLY"</span>)<span style="color:rgb(106,115,125)">;</span></pre><pre style="font-family:Menlo,monospace"> }</pre><pre style="font-family:Menlo,monospace"> }</pre></pre><pre style="color:rgb(36,41,46);font-family:Menlo,monospace">}</pre><pre style="color:rgb(36,41,46);font-family:Menlo,monospace"><br></pre><pre style="color:rgb(36,41,46);font-family:Menlo,monospace">route[AUTH_REPLY]{</pre><pre style="color:rgb(36,41,46);font-family:Menlo,monospace"> xlog(<span style="color:rgb(3,47,98)">"L_INFO"</span>, <span style="color:rgb(3,47,98)">"route[HTTP_REPLY]: status $http_rs\n"</span>)<span style="color:rgb(106,115,125)">;</span><br></pre><pre style="color:rgb(36,41,46);font-family:Menlo,monospace">}</pre><pre style="color:rgb(36,41,46);font-family:Menlo,monospace"><br></pre><pre style="color:rgb(36,41,46);font-family:Menlo,monospace">}</pre></div><div>##### END SNIP</div><div><br></div><div><br></div><div>Best regards!</div>
</div>
__________________________________________________________<br>
Kamailio - Users Mailing List - Non Commercial Discussions<br>
* <a href="mailto:sr-users@lists.kamailio.org" rel="noreferrer" target="_blank">sr-users@lists.kamailio.org</a><br>
Important: keep the mailing list in the recipients, do not reply only to the sender!<br>
Edit mailing list options or unsubscribe:<br>
* <a href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" rel="noreferrer noreferrer" target="_blank">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><br>
</blockquote></div>
__________________________________________________________<br>
Kamailio - Users Mailing List - Non Commercial Discussions<br>
* <a href="mailto:sr-users@lists.kamailio.org" target="_blank">sr-users@lists.kamailio.org</a><br>
Important: keep the mailing list in the recipients, do not reply only to the sender!<br>
Edit mailing list options or unsubscribe:<br>
* <a href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" rel="noreferrer" target="_blank">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><br>
</blockquote></div></div>
__________________________________________________________<br>Kamailio - Users Mailing List - Non Commercial Discussions<br> * <a href="mailto:sr-users@lists.kamailio.org" target="_blank">sr-users@lists.kamailio.org</a><br>Important: keep the mailing list in the recipients, do not reply only to the sender!<br>Edit mailing list options or unsubscribe:<br> * <a href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" target="_blank">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><br></div></blockquote></div><br></div>__________________________________________________________<br>
Kamailio - Users Mailing List - Non Commercial Discussions<br>
* <a href="mailto:sr-users@lists.kamailio.org" target="_blank">sr-users@lists.kamailio.org</a><br>
Important: keep the mailing list in the recipients, do not reply only to the sender!<br>
Edit mailing list options or unsubscribe:<br>
* <a href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" rel="noreferrer" target="_blank">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><br>
</blockquote></div>