I have been considering this for some time.

I think there should be a new auth_jwt module, probably based on auth_ephemeral (which is similar in concept). For SIP over WebSockets this can then be used to authenticate the client during the WebSocket handshake.

There should be a “Private Claim Name” defined to contain the identity of the calling/registering party. This can be cached during the WebSocket handshake and then used to validate the To-URI (REGISTER/PUBLISH) and From-URI (other requests without To-tags). The “Expiration Time Claim” should be cached too.

auth_jwt should contain helper functions for checking URIs and whether the token is still valid - similar to those in auth_ephemeral.

Regards,

Peter


Peter Dunkley
http://www.dunkley.me.uk/
http://www.linkedin.com/in/pdunkley
> On 13 Jan 2015, at 20:59, kamailio-sync <notifications@github.com> wrote:
>
>
> On 12 Jan 2015, at 21:34, mading087 <notifications@github.com> wrote:
>
> > It seems a good idea to support JWT as a new SIP authorization method. Wonder if anyone is interested? Think auth_db would be the best spot to add support for JWT.
> >
> Please check the work that is ongoing with OAuth - there is an IETF draft on that.
>
> /O
> —
> Reply to this email directly or view it on GitHub <https://github.com/kamailio/kamailio/issues/29#issuecomment-69818698>.
>


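The scheme proposed in the message above, as an added Python example; it is not code from Kamailio or from anyone in this thread. Assumptions: an HS256 token with a shared key, a private claim named `sip_id`, exact string matching of URIs, and all function names, which are hypothetical.

```python
import base64, hashlib, hmac, json

CLAIM = "sip_id"  # hypothetical private claim name; the message does not fix one

def _b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def make_token(claims, key):
    """Build a constructed HS256 sample token (for the demonstration only)."""
    head = _b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64e(sig)}"

def handshake_auth(token, key, now):
    """Verify at WebSocket handshake; return (identity, exp) to cache, or None."""
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(_b64d(head)), json.loads(_b64d(body))
        given = _b64d(sig)
    except (ValueError, TypeError):
        return None
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return None
    if header.get("alg") != "HS256":   # pin the algorithm; ignore header's choice
        return None
    want = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(want, given):
        return None
    ident, exp = claims.get(CLAIM), claims.get("exp")
    if not isinstance(ident, str) or not isinstance(exp, int) or exp <= now:
        return None
    return ident, exp

def check_request(cached, method, to_uri, from_uri, has_to_tag, now):
    """Per-request check against the values cached at handshake."""
    ident, exp = cached
    if now >= exp:                     # token expired after the handshake
        return False
    if method in ("REGISTER", "PUBLISH"):
        return to_uri == ident         # To-URI must be the token identity
    if not has_to_tag:
        return from_uri == ident       # initial requests: From-URI must match
    return True                        # in-dialog: expiry only (assumption)
```

A real module would compare URIs with SIP URI equivalence rules rather than exact string equality.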