[sr-dev] [kamailio/kamailio] [Feature] RFC 8898 support (#2669)

[Federico Cabiddu]

Hi,
actually you can implement RFC 8898 in kamailio routing script, all the pieces are already there.
For the challenge you can easily reply 401/407 adding a "forged" WWW-Authenticate header with Bearer schema and authz-server.
For the token validation:
  - if it's a structured token you can validate the JWT and extract the claims using the jwt module and jansson module
  - if it's a reference token you can call the /inspect endpoint using http_client or http_async_client modules and parsing the response with jansson module
Basically all the RFC is here, being the claims and how they apply to the routing logic strictly domain/business logic dependent. 
A dedicated module would just wrap the token validation and challenge logics into some functions exposed to kemi/script.
I've though about this for some time but at the end I didn't started for lack of time and because the implemenation I've done using routing script is fullfilling our needs and running in production since several years.
But it would be probably nice to have :)
About the client, I'm not aware on any client actively working on implementing it, in my case I'm using a modified Linphone client for android/iOS. 


-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/2669#issuecomment-797378574
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-dev/attachments/20210312/4334f28e/attachment.htm>