Open Bug 1247616 Opened 6 years ago Updated 2 years ago

Support RFC 7635 (TURN OAuth)

Categories

(Core :: WebRTC: Networking, defect, P3)

38 Branch
defect

People

(Reporter: mreavy, Assigned: bakfitty)

References

(Blocks 1 open bug)

Details

(Whiteboard: dev-doc-needed)

This is similar to the Chromium issue https://bugs.chromium.org/p/webrtc/issues/detail?id=4907

Initial analysis for prioritization: The key purpose of this is to allow short-lived access to TURN resources without having a tight binding between the web server and the TURN server. The fact that it’s using a different STUN attribute (than password) to communicate the access token is really protocol hygiene. It doesn’t make anything possible that wouldn’t otherwise be possible.  So early implementations can use the technique described in here, but with normal TURN passwords holding the tokens.

For this reason, we are putting this on our longer term roadmap, not our short-term roadmap.  If anyone feels this should be done on the short-term roadmap, please make the argument in this bug.
backlog: --- → webrtc/webaudio+
Rank: 35
See Also: → 1247619
Until support for TURN OAuth is generally available in WebRTC browsers, implementors may wish to look at the technique described in https://tools.ietf.org/html/draft-uberti-behave-turn-rest-00 -- it requires no browser support, and only moderate coordination between the application (web) server and the TURN server.
Whiteboard: dev-doc-needed
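
The short-lived credential scheme from draft-uberti-behave-turn-rest-00 referenced above, as an added example that is not code from this bug, Firefox, or coTURN: the web server mints a username carrying an expiry timestamp plus an HMAC-derived password, and the TURN server recomputes it from the shared secret. The function names and the secret value are hypothetical and constructed for illustration.

```python
import base64
import hashlib
import hmac
import time

# Constructed sample value; in a deployment this secret is shared out of band
# between the web application server and the TURN server.
SHARED_SECRET = b"constructed-example-secret"


def _password_for(username: str, secret: bytes) -> str:
    # password = base64(HMAC-SHA1(shared secret, username)), as in the draft
    mac = hmac.new(secret, username.encode("utf-8"), hashlib.sha1).digest()
    return base64.b64encode(mac).decode("ascii")


def mint_turn_credentials(user_id, ttl_seconds, secret=SHARED_SECRET, now=None):
    """Web-server side: issue a time-limited TURN username/password pair."""
    issued = int(time.time() if now is None else now)
    username = f"{issued + ttl_seconds}:{user_id}"  # expiry timestamp, then user id
    return {"username": username,
            "credential": _password_for(username, secret),
            "ttl": ttl_seconds}


def verify_turn_credentials(username, credential, secret=SHARED_SECRET, now=None):
    """TURN-server side: recompute the password and enforce the expiry.

    Simplification: a real TURN server uses the recomputed password as the
    long-term-credential key for MESSAGE-INTEGRITY instead of comparing
    strings; the direct comparison below stands in for that check.
    """
    current = int(time.time() if now is None else now)
    expiry_text, sep, _user_id = username.partition(":")
    if not sep or not (expiry_text.isascii() and expiry_text.isdigit()):
        return False  # malformed username: no parseable expiry timestamp
    expected = _password_for(username, secret)
    # Constant-time comparison so the check does not leak how many bytes matched
    if not hmac.compare_digest(expected.encode(), credential.encode()):
        return False
    return int(expiry_text) >= current  # reject credentials past their expiry
```

Because the expiry is part of the MAC input, a client cannot extend a credential's lifetime by editing the timestamp in the username.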
Rank: 35 → 25
Priority: P3 → P2
Mass change P2->P3 to align with new Mozilla triage process.
Priority: P2 → P3
Blocks: 1533017

I want to implement this feature.

To make it happen, am I correct that I need to:

  1. Add two new STUN attributes (THIRD-PARTY-AUTHORIZATION, ACCESS-TOKEN) for the token and some logic to properly handle OAuth negotiation with the TURN server in nICEr.
  2. Extend the nicerctx mtransport wrapper, the NrIceTurnServer class, and some logic in the ToNicerTurnStruct function and in the SetTurnServers function.
  3. Make some changes to the validation in peerconnection.jsm.

Have I missed any other place where I should make changes?

Thanks

Byron, do you think you can give directions to Misi developing that feature?

Flags: needinfo?(docfaraday)

That seems like the right approach to me, although you will also need to update testing/web-platform/meta/webrtc/RTCConfiguration-iceServers.html.ini to stop expecting failures on some of the test-cases.

Flags: needinfo?(docfaraday)
Assignee: nobody → bakfitty

I have working proof-of-concept code that authenticated successfully against a coTURN server and relayed media traffic.
There is a bug on the coTURN side that I need to fix.

I will clean up the code and submit it for review, hopefully this month.

Many thanks for the help and guidance to Alex & Byron.
