Hi all!
I need to integrate a REST Service with Kamailio. Integration is easy, not a problem, but my concern is that the REST Services has a JWT token authentication required for each request, common to many (it not all) REST Services. So, it is required to POST for authentication (username and password) and once I get authentication done, and receive a JWT token, I will need to use this token in all other requests to the REST Service. The token is valid for 24h. My question is: - how to save the token for use during 24h, on all calls/sessions, without the need to authenticate on every call? - how to detect the token has expired and re-authenticate?
I looked for some modules, but could not find any that suited me. I am thinking of executing a Python script for this, but concerned about latency and PDD.... Any thoughts? Any suggestions? Any known best-practice?
Atenciosamente / Kind Regards / Cordialement / Un saludo,
*Sérgio Charrua*
On Aug 27, 2024, at 6:58 AM, Sergio Charrua via sr-users sr-users@lists.kamailio.org wrote:
My question is:
- how to save the token for use during 24h, on all calls/sessions, without the need to authenticate on every call?
- how to detect the token has expired and re-authenticate?
The `htable` module can potentially assist with both tasks. You can use it to save the token, and also set an expiration time of 24 hours. It's kind of like Redis, but inside Kamailio.
Of course, expiring the token after 24 hours is not the same thing as detecting that it has expired.
-- Alex
On Aug 27, 2024, at 6:58 AM, Sergio Charrua via sr-users sr-users@lists.kamailio.org wrote:
Hi all!
I need to integrate a REST Service with Kamailio. Integration is easy, not a problem, but my concern is that the REST Services has a JWT token authentication required for each request, common to many (it not all) REST Services. So, it is required to POST for authentication (username and password) and once I get authentication done, and receive a JWT token, I will need to use this token in all other requests to the REST Service. The token is valid for 24h. My question is:
- how to save the token for use during 24h, on all calls/sessions, without the need to authenticate on every call?
- how to detect the token has expired and re-authenticate?
I looked for some modules, but could not find any that suited me. I am thinking of executing a Python script for this, but concerned about latency and PDD.... Any thoughts? Any suggestions? Any known best-practice?
Atenciosamente / Kind Regards / Cordialement / Un saludo,
Sérgio Charrua
Have you considered an inbetween service (such as a go/python/node api listener) to handle the authentication / token issuance part?
In theory I assume you could use the JWT and other modules to help do what you are looking for, but you’re really hacking kamailio to be an http api server at that point and although it may be able to do it quite well, it’s really not the first candidate I’d choose for the job.
Regards,
Fred Posner https://fredoso.com
On Aug 27, 2024, at 7:54 AM, Fred Posner via sr-users sr-users@lists.kamailio.org wrote:
In theory I assume you could use the JWT and other modules to help do what you are looking for, but you’re really hacking kamailio to be an http api server at that point and although it may be able to do it quite well, it’s really not the first candidate I’d choose for the job.
I assumed from the OP that this wasn't on the table ipso facto. If it is, I definitely agree that this is a better way to go.
Thanks Fred!
... but you’re really hacking kamailio to be an http api server...
Actually it will be a HTTP Client...kamailio will send requests to an HTTPS REST Service that requires authentication, returning a JWT token if authentication is OK. Then, with the Token, Kamailio will make another HTTPS Request to another endpoint of the REST Service to do some voodoo.... My issue is on how to handle, on Kamailio, the authentication JWT token returned from the REST Service.
I did consider having a Python script handling HTTP requests...might be the best solution, as it is (or seems to be....) more flexible in the long term....
Atenciosamente / Kind Regards / Cordialement / Un saludo,
*Sérgio Charrua*
On Tue, Aug 27, 2024 at 1:08 PM Fred Posner via sr-users < sr-users@lists.kamailio.org> wrote:
On Aug 27, 2024, at 6:58 AM, Sergio Charrua via sr-users <
sr-users@lists.kamailio.org> wrote:
Hi all!
I need to integrate a REST Service with Kamailio. Integration is easy,
not a problem, but my concern is that the REST Services has a JWT token authentication required for each request, common to many (it not all) REST Services.
So, it is required to POST for authentication (username and password)
and once I get authentication done, and receive a JWT token, I will need to use this token in all other requests to the REST Service. The token is valid for 24h.
My question is:
- how to save the token for use during 24h, on all calls/sessions,
without the need to authenticate on every call?
- how to detect the token has expired and re-authenticate?
I looked for some modules, but could not find any that suited me. I am thinking of executing a Python script for this, but concerned about
latency and PDD....
Any thoughts? Any suggestions? Any known best-practice?
Atenciosamente / Kind Regards / Cordialement / Un saludo,
Sérgio Charrua
Have you considered an inbetween service (such as a go/python/node api listener) to handle the authentication / token issuance part?
In theory I assume you could use the JWT and other modules to help do what you are looking for, but you’re really hacking kamailio to be an http api server at that point and although it may be able to do it quite well, it’s really not the first candidate I’d choose for the job.
Regards,
Fred Posner https://fredoso.com
Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
You may consider writing the entire routing script in python as well - check out KEMI.
вт, 27 авг. 2024 г. в 15:38, Sergio Charrua via sr-users < sr-users@lists.kamailio.org>:
Thanks Fred!
... but you’re really hacking kamailio to be an http api server...
Actually it will be a HTTP Client...kamailio will send requests to an HTTPS REST Service that requires authentication, returning a JWT token if authentication is OK. Then, with the Token, Kamailio will make another HTTPS Request to another endpoint of the REST Service to do some voodoo.... My issue is on how to handle, on Kamailio, the authentication JWT token returned from the REST Service.
I did consider having a Python script handling HTTP requests...might be the best solution, as it is (or seems to be....) more flexible in the long term....
Atenciosamente / Kind Regards / Cordialement / Un saludo,
*Sérgio Charrua*
On Tue, Aug 27, 2024 at 1:08 PM Fred Posner via sr-users < sr-users@lists.kamailio.org> wrote:
On Aug 27, 2024, at 6:58 AM, Sergio Charrua via sr-users <
sr-users@lists.kamailio.org> wrote:
Hi all!
I need to integrate a REST Service with Kamailio. Integration is easy,
not a problem, but my concern is that the REST Services has a JWT token authentication required for each request, common to many (it not all) REST Services.
So, it is required to POST for authentication (username and password)
and once I get authentication done, and receive a JWT token, I will need to use this token in all other requests to the REST Service. The token is valid for 24h.
My question is:
- how to save the token for use during 24h, on all calls/sessions,
without the need to authenticate on every call?
- how to detect the token has expired and re-authenticate?
I looked for some modules, but could not find any that suited me. I am thinking of executing a Python script for this, but concerned
about latency and PDD....
Any thoughts? Any suggestions? Any known best-practice?
Atenciosamente / Kind Regards / Cordialement / Un saludo,
Sérgio Charrua
Have you considered an inbetween service (such as a go/python/node api listener) to handle the authentication / token issuance part?
In theory I assume you could use the JWT and other modules to help do what you are looking for, but you’re really hacking kamailio to be an http api server at that point and although it may be able to do it quite well, it’s really not the first candidate I’d choose for the job.
Regards,
Fred Posner https://fredoso.com
Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
On Aug 27, 2024, at 8:18 AM, Sergio Charrua via sr-users sr-users@lists.kamailio.org wrote:
Thanks Fred!
... but you’re really hacking kamailio to be an http api server...
Actually it will be a HTTP Client...kamailio will send requests to an HTTPS REST Service that requires authentication, returning a JWT token if authentication is OK. Then, with the Token, Kamailio will make another HTTPS Request to another endpoint of the REST Service to do some voodoo.... My issue is on how to handle, on Kamailio, the authentication JWT token returned from the REST Service.
I did consider having a Python script handling HTTP requests...might be the best solution, as it is (or seems to be....) more flexible in the long term....
Atenciosamente / Kind Regards / Cordialement / Un saludo,
Sérgio Charrua
In that case the htable model is a good one. You can set an expiration time on the htable entry to match the time of the token and then renew based on expiration.
KEMI might be a good choice as well (and handle it in python, ruby, whatever)
Regards,
Fred Posner
Hello,
don’t looked into the details, but the kamailio jwt module has a verify function (https://www.kamailio.org/docs/modules/stable/modules/jwt.html)
Regarding storage, you can easily store them in a DB table with sqlops, or in htable in memory with automatic 24h expiry, just two options. The DB could be used from multiple Kamailio servers, htable would be individual per server.
Cheers,
Henning
-- Henning Westerholt – https://skalatan.de/blog/ Kamailio services – https://gilawa.comhttps://gilawa.com/
From: Sergio Charrua via sr-users sr-users@lists.kamailio.org Sent: Dienstag, 27. August 2024 12:58 To: Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org Cc: Sergio Charrua sergio.charrua@voip.pt Subject: [SR-Users] Kamailio integration with REST services
Hi all!
I need to integrate a REST Service with Kamailio. Integration is easy, not a problem, but my concern is that the REST Services has a JWT token authentication required for each request, common to many (it not all) REST Services. So, it is required to POST for authentication (username and password) and once I get authentication done, and receive a JWT token, I will need to use this token in all other requests to the REST Service. The token is valid for 24h. My question is: - how to save the token for use during 24h, on all calls/sessions, without the need to authenticate on every call? - how to detect the token has expired and re-authenticate?
I looked for some modules, but could not find any that suited me. I am thinking of executing a Python script for this, but concerned about latency and PDD.... Any thoughts? Any suggestions? Any known best-practice?
Atenciosamente / Kind Regards / Cordialement / Un saludo,
Sérgio Charrua
Thanks Henning,
I did take a look at the JWT module, prior posting to the ML, but it seems to me that it requires a private key (.pem) which I won't have access to, hence the only way to authenticate is to send a HTTPS request to an URL with the login and password in it.... Or am I missing something?
The DB Table might be a good option, though the high amount of CPS might overload the database, so I will try the HTable option instead.
Atenciosamente / Kind Regards / Cordialement / Un saludo,
*Sérgio Charrua*
On Tue, Aug 27, 2024 at 12:57 PM Henning Westerholt hw@gilawa.com wrote:
Hello,
don’t looked into the details, but the kamailio jwt module has a verify function (https://www.kamailio.org/docs/modules/stable/modules/jwt.html)
Regarding storage, you can easily store them in a DB table with sqlops, or in htable in memory with automatic 24h expiry, just two options. The DB could be used from multiple Kamailio servers, htable would be individual per server.
Cheers,
Henning
--
Henning Westerholt – https://skalatan.de/blog/
Kamailio services – https://gilawa.com
*From:* Sergio Charrua via sr-users sr-users@lists.kamailio.org *Sent:* Dienstag, 27. August 2024 12:58 *To:* Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org *Cc:* Sergio Charrua sergio.charrua@voip.pt *Subject:* [SR-Users] Kamailio integration with REST services
Hi all!
I need to integrate a REST Service with Kamailio. Integration is easy, not a problem, but my concern is that the REST Services has a JWT token authentication required for each request, common to many (it not all) REST Services.
So, it is required to POST for authentication (username and password) and once I get authentication done, and receive a JWT token, I will need to use this token in all other requests to the REST Service. The token is valid for 24h.
My question is:
- how to save the token for use during 24h, on all calls/sessions, without
the need to authenticate on every call?
- how to detect the token has expired and re-authenticate?
I looked for some modules, but could not find any that suited me.
I am thinking of executing a Python script for this, but concerned about latency and PDD....
Any thoughts? Any suggestions? Any known best-practice?
Atenciosamente / Kind Regards / Cordialement / Un saludo,
*Sérgio Charrua*
On Aug 27, 2024, at 7:57 AM, Henning Westerholt via sr-users sr-users@lists.kamailio.org wrote:
htable would be individual per server.
It's worth pointing out that htable can be replicated via DMQ.
This might seem like needless pedantry, but I've used this to successful effect in number of places to remove dependency on external storage mechanisms.
-- Alex
Hi Alex,
you are right of course, DMQ can be used to synchronize htable content. Not sure I would use it personally for security tokens in this special case, due to the lack of synchronisation, integrity protections and encryption (the two latter parts can of course be mitigated by using TLS).
Cheers,
Henning
-----Original Message----- From: Alex Balashov via sr-users sr-users@lists.kamailio.org Sent: Dienstag, 27. August 2024 14:13 To: Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org Cc: Alex Balashov abalashov@evaristesys.com Subject: [SR-Users] Re: Kamailio integration with REST services
On Aug 27, 2024, at 7:57 AM, Henning Westerholt via sr-users <sr-
users@lists.kamailio.org> wrote:
htable would be individual per server.
It's worth pointing out that htable can be replicated via DMQ.
This might seem like needless pedantry, but I've used this to successful effect in number of places to remove dependency on external storage mechanisms.
-- Alex
-- Alex Balashov Principal Consultant Evariste Systems LLC Web: https://evaristesys.com Tel: +1-706-510-6800
Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
Hi, The Htable module might be useful. Also you could set expire time validation for 24h. Best regards. Mojtaba
On Tue, Aug 27, 2024, 14:56 Sergio Charrua via sr-users < sr-users@lists.kamailio.org> wrote:
Hi all!
I need to integrate a REST Service with Kamailio. Integration is easy, not a problem, but my concern is that the REST Services has a JWT token authentication required for each request, common to many (it not all) REST Services. So, it is required to POST for authentication (username and password) and once I get authentication done, and receive a JWT token, I will need to use this token in all other requests to the REST Service. The token is valid for 24h. My question is:
- how to save the token for use during 24h, on all calls/sessions, without
the need to authenticate on every call?
- how to detect the token has expired and re-authenticate?
I looked for some modules, but could not find any that suited me. I am thinking of executing a Python script for this, but concerned about latency and PDD.... Any thoughts? Any suggestions? Any known best-practice?
Atenciosamente / Kind Regards / Cordialement / Un saludo,
*Sérgio Charrua*
Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
Hi,
You can use a $shv() variable to store the key. To track it you can use rtimer or just don't track it at lll, but just renew at 403. There are other ways tho, these are what I use
вт, 27 авг. 2024 г. в 14:25, Sergio Charrua via sr-users < sr-users@lists.kamailio.org>:
Hi all!
I need to integrate a REST Service with Kamailio. Integration is easy, not a problem, but my concern is that the REST Services has a JWT token authentication required for each request, common to many (it not all) REST Services. So, it is required to POST for authentication (username and password) and once I get authentication done, and receive a JWT token, I will need to use this token in all other requests to the REST Service. The token is valid for 24h. My question is:
- how to save the token for use during 24h, on all calls/sessions, without
the need to authenticate on every call?
- how to detect the token has expired and re-authenticate?
I looked for some modules, but could not find any that suited me. I am thinking of executing a Python script for this, but concerned about latency and PDD.... Any thoughts? Any suggestions? Any known best-practice?
Atenciosamente / Kind Regards / Cordialement / Un saludo,
*Sérgio Charrua*
Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
-
Alex Balashov -
Alexandru Covalschi -
Fred Posner -
Henning Westerholt -
Mojtaba -
Sergio Charrua