How to configure WebRTC with Coturn and oAuth
I want to use coturn with oAuth. If I understood it correctly I need to do two things:

  • Storing the oAuth tokens in the database coturn is using
  • Sending the ACCESS-TOKEN and USERNAME STUN attributes

The first point is clear, but how do I need to change my WebRTC client to achieve the second point?

Without oAuth I would initialize my RTCPeerConnection like this:

var configuration = {
  'iceServers': [{
    'url': 'turn:turn.example.org',
    'username': 'user',
    'credential': 'password'
  }]
};
var pc = new RTCPeerConnection(configuration)

The WebRTC 1.0 draft defines an RTCIceCredentialType enum, so I would think I need to change my configuration like this:

var configuration = {
  'iceServers': [{
    'url': 'turn:turn.example.org',
    'username': 'kid',
    'credential': 'oAuthToken',
    'credentialType': 'token'
  }]
};

Using Wireshark I can't see the ACCESS-TOKEN attribute. Any ideas or does anyone know a working example?

Rattoon answered 28/7, 2015 at 15:6 Comment(9)
What is the command you are using to start the TURN server? – Ranunculus
turnserver -n -f -v -l stdout -a --oauth -r "myRealm" -J "myMongoConnection" – Rattoon
I am guessing you are getting 401 error in the TURN server logs – Ranunculus
Sorry for the late reply. You're right, the error is: 26: session 005000000000000001: realm <myRealm> user <my<user>: incoming packet message processed, error 401: Unknown error 26: check_stun_auth: user turn credentials are incorrect. I thought that coturn is using long term credentials here because the ACCESS-TOKEN attribute is not sent. – Rattoon
I was trying it out for the last two days, was getting similar error, but I did not have an oauth setup, used a redis server, and manually added rows in it – Ranunculus
For my project, I use TURN auth secret, so need dependency on database, but hook is the system time of your server and that of WebRTC must be nearly similar – Ranunculus
My guess is, you must pass the mac_key as credential, also for some reason, suspect that it is checking the table turnusers_lt instead of oauth_key then again, I am only guessing. – Ranunculus
Are you using the coturn REST API or oauth? The auth secret is only used for the REST API as far as I know. I'm also manually adding oauth keys to my DB and sending the ikm_key value as credential. My guess is that it's checking turnusers_lt because my client doesn't tell that he wants to use oauth because the credential is not passed as ACCESS-TOKEN. My guess is that the client is doing it wrong not the server. – Rattoon
Let us continue this discussion in chat. – Ranunculus

It seems like things changed a bit since the original question was asked. The webrtc-pc#1033 pull-request alters the spec and introduces the following iceServers configuration syntax:

var configuration = {
    'iceServers': [{
        "urls": "turns:turn.example.net",
        "username": "username",
        "credential": {
            "macKey": "...",
            "accessToken": "..."
        },
        "credentialType": "oauth"
    }],
    // ...
};

See RTCIceServer documentation page for more configuration examples.

Yves answered 9/3, 2018 at 2:8 Comment(1)
Sadly, "credentialType": "oauth" was removed from the spec and turned into an extension because it was "at risk". :( – Brass
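
The Wireshark check from the question, done in code: an added example (not from the original posts) that parses a captured STUN/TURN request and reports whether it carries ACCESS-TOKEN (type 0x001B, RFC 7635) or only the USERNAME/MESSAGE-INTEGRITY pair of a long-term-credential request. The sample messages are constructed with zeroed values, and `parseStun`, `authMode` and `buildSample` are illustrative names.

```javascript
// STUN attribute types from RFC 5389, plus ACCESS-TOKEN from RFC 7635.
const ATTR_NAMES = { 0x0006: 'USERNAME', 0x0008: 'MESSAGE-INTEGRITY',
  0x0014: 'REALM', 0x0015: 'NONCE', 0x001b: 'ACCESS-TOKEN' };
const MAGIC_COOKIE = 0x2112a442;
const pad = n => n + ((4 - (n % 4)) % 4); // attribute values are padded to 4 bytes

// Parse one STUN message (Uint8Array, e.g. a UDP payload exported from a capture).
function parseStun(bytes) {
  if (bytes.length < 20) throw new Error('shorter than STUN header');
  const view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
  if ((bytes[0] & 0xc0) !== 0) throw new Error('top two bits must be zero');
  if (view.getUint32(4) !== MAGIC_COOKIE) throw new Error('bad magic cookie');
  const end = 20 + view.getUint16(2);
  if (end % 4 !== 0 || end > bytes.length) throw new Error('bad message length');
  const attrs = [];
  for (let off = 20; off < end;) {
    const type = view.getUint16(off);
    const length = view.getUint16(off + 2);
    if (off + 4 + length > end) throw new Error('attribute overruns message');
    attrs.push({ type, name: ATTR_NAMES[type] || 'UNKNOWN', length });
    off += 4 + pad(length);
  }
  return { messageType: view.getUint16(0), attrs };
}

// Which authentication mechanism is the request attempting?
function authMode(msg) {
  const names = new Set(msg.attrs.map(a => a.name));
  if (names.has('ACCESS-TOKEN')) return 'oauth';
  // No token: the server can only treat USERNAME as a long-term credential user.
  if (names.has('USERNAME') && names.has('MESSAGE-INTEGRITY')) return 'long-term';
  return 'none';
}

// Constructed sample: Allocate request (0x0003) from [type, valueLength] pairs.
function buildSample(attrs) {
  const bodyLen = attrs.reduce((n, [, len]) => n + 4 + pad(len), 0);
  const msg = new Uint8Array(20 + bodyLen);
  const v = new DataView(msg.buffer);
  v.setUint16(0, 0x0003); v.setUint16(2, bodyLen); v.setUint32(4, MAGIC_COOKIE);
  let off = 20;
  for (const [type, len] of attrs) {
    v.setUint16(off, type); v.setUint16(off + 2, len);
    off += 4 + pad(len);
  }
  return msg;
}
const longTermReq = buildSample([[0x0006, 4], [0x0014, 7], [0x0015, 16], [0x0008, 20]]);
const oauthReq = buildSample([[0x0006, 3], [0x0014, 7], [0x0015, 16], [0x001b, 50], [0x0008, 20]]);
console.log(authMode(parseStun(longTermReq)), authMode(parseStun(oauthReq)));
```

A request classified as `long-term` against a server started with `--oauth` matches the `check_stun_auth` 401 quoted in the comments: the client never sent the token.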
