[sr-dev] [kamailio] Anyone thinking about adding JWT (JSON Web Token) support to Kamailio (#29)
Peter Dunkley
notifications at github.com
Tue Jan 13 22:05:37 CET 2015
I have been considering this for some time.
I think there should be a new auth_jwt module, probably based on auth_ephemeral (which is similar in concept). For SIP over WebSockets this can then be used to authenticate the client during the WebSocket handshake.
There should be a “Private Claim Name” defined to contain the identity of the calling/registering party. This can be cached during the WebSocket handshake and then used to valid the To-URI (REGISTER/PUBLISH) and From-URI (other requests without To-tags). The “Expiration Time Claim” should be cached too.
auth_jwt should contain helper functions for checking URIs and whether the token is still valid - similar to those in auth_ephemeral.
Regards,
Peter
—
Peter Dunkley
http://www.dunkley.me.uk/ <http://www.dunkley.me.uk/>
http://www.linkedin.com/in/pdunkley <http://www.linkedin.com/in/pdunkley>
> On 13 Jan 2015, at 20:59, kamailio-sync <notifications at github.com> wrote:
>
>
> On 12 Jan 2015, at 21:34, mading087 <notifications at github.com> wrote:
>
> > It seems a good idea to support JWT as a new SIP authorization method. Wonder if anyone is interested? Think auth_db would be the best spot to add support for JWT.
> >
> Please check the work that is ongoing with OAuth - there is an IETF draft on that.
>
> /O
> —
> Reply to this email directly or view it on GitHub <https://github.com/kamailio/kamailio/issues/29#issuecomment-69818698>.
>
---
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/29#issuecomment-69819723
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-dev/attachments/20150113/e849d980/attachment-0001.html>
More information about the sr-dev
mailing list