Alessandro Ros
ff187b6d8a
update golangci-lint configuration ( #5182 )
2025-11-11 23:57:52 +01:00
Alessandro Ros
85f57b90db
stop accepting JWTs from query parameters unless allowed in conf ( #5010 )
...
This is the first step into removing support for JWTs in
query parameters, which is a security flaw.
2025-09-22 10:04:51 +02:00
Alessandro Ros
68b4c20627
fix reading JWT when it is passed through the password field ( #5009 )
...
Usernames and passwords must be requested explicitly to clients, but
they were not requested when JWT is meant to be passed as password.
This fixes the issue.
2025-09-22 10:00:33 +02:00
Alessandro Ros
b517631b8f
fix authentication failure reason not being displayed ( #5007 )
2025-09-22 09:48:51 +02:00
Alessandro Ros
35aceaa4a9
send server name (SNI) when opening TLS connections ( #4973 )
code_lint / go (push) Waiting to run
code_lint / go_mod (push) Waiting to run
code_lint / docs (push) Waiting to run
code_lint / api_docs (push) Waiting to run
code_test / test_64 (push) Waiting to run
code_test / test_32 (push) Waiting to run
code_test / test_e2e (push) Waiting to run
2025-09-15 19:38:36 +02:00
Alessandro Ros
d423a71aaa
update linter settings ( #4790 )
2025-07-26 16:44:32 +02:00
Alessandro Ros
74bfb988d7
allow disabling JWT in HTTP query parameters ( #4518 )
2025-05-11 10:21:08 +02:00
Alessandro Ros
f97213ae6e
support passing JWTs through the password field ( #4516 )
...
code_lint / golangci_lint (push) Waiting to run
code_lint / mod_tidy (push) Waiting to run
code_lint / api_docs (push) Waiting to run
code_test / test_64 (push) Waiting to run
code_test / test_32 (push) Waiting to run
code_test / test_e2e (push) Waiting to run
This is safer than passing JWTs through query parameters, unfortunately support is limited.
2025-05-10 22:54:24 +02:00
Alessandro Ros
c8348db52d
rename jwtRefresh into jwksRefresh ( #4515 )
code_lint / golangci_lint (push) Waiting to run
code_lint / mod_tidy (push) Waiting to run
code_lint / api_docs (push) Waiting to run
code_test / test_64 (push) Waiting to run
code_test / test_32 (push) Waiting to run
code_test / test_e2e (push) Waiting to run
2025-05-10 21:14:20 +02:00
Alessandro Ros
d3976fbc15
do not ask for credentials when authentication method is JWT ( #4450 ) ( #4513 )
2025-05-10 16:20:22 +02:00
Alessandro Ros
db3c2f8cae
add authJWTJWKSFingerprint ( #4409 ) ( #4514 )
2025-05-10 16:12:35 +02:00
Dan Nicholls
7360981aa7
Feat: Add JWKS rotation API endpoint ( #4463 )
...
code_lint / golangci_lint (push) Waiting to run
code_lint / mod_tidy (push) Waiting to run
code_lint / api_docs (push) Waiting to run
code_test / test_64 (push) Waiting to run
code_test / test_32 (push) Waiting to run
code_test / test_e2e (push) Waiting to run
Co-authored-by: aler9 <46489434+aler9@users.noreply.github.com>
2025-05-10 13:44:02 +02:00
Alessandro Ros
a348007607
support parsing JWT claims encoded as strings ( #3696 ) ( #4465 )
2025-04-28 22:22:42 +02:00
Dimitri Marechal
1827e062bd
add authJWTExclude to exclude actions when using JWT ( #3431 )
...
code_lint / golangci_lint (push) Has been cancelled
code_lint / mod_tidy (push) Has been cancelled
code_lint / api_docs (push) Has been cancelled
code_test / test_64 (push) Has been cancelled
code_test / test_32 (push) Has been cancelled
code_test / test_e2e (push) Has been cancelled
* Added authJWTExclude to allow exclusion of actions while using the JWT authentication method
* add test
---------
Co-authored-by: aler9 <46489434+aler9@users.noreply.github.com>
2025-04-25 19:55:11 +02:00
Alessandro Ros
386be42784
rtsp: rewrite authentication around ServerConn.VerifyCredentials ( #4267 )
code_lint / golangci_lint (push) Has been cancelled
code_lint / mod_tidy (push) Has been cancelled
code_lint / api_docs (push) Has been cancelled
code_test / test_64 (push) Has been cancelled
code_test / test_32 (push) Has been cancelled
code_test / test_highlevel (push) Has been cancelled
2025-02-18 17:54:13 +01:00
Alessandro Ros
7ade2896e5
warn users when non-existent fields are used in conf ( #4261 )
2025-02-18 15:23:44 +01:00
Alessandro Ros
244da930a1
switch to mediacommon/v2 ( #4259 )
code_lint / golangci_lint (push) Waiting to run
code_lint / mod_tidy (push) Waiting to run
code_lint / api_docs (push) Waiting to run
code_test / test_64 (push) Waiting to run
code_test / test_32 (push) Waiting to run
code_test / test_highlevel (push) Waiting to run
2025-02-17 14:54:58 +01:00
Alessandro Ros
8f04264fe5
webrtxc: fix MTX_QUERY not set when reading or publishing ( #4138 ) ( #3937 ) ( #4141 )
2025-01-11 17:29:48 +01:00
Alessandro Ros
534b637bc7
support using JWT in Authorization header with API, Metrics, PProf ( #3630 ) ( #3795 )
2024-10-05 21:15:21 +02:00
Alessandro Ros
0d1da6bd5b
allow to set the JWT claim key that contains permissions ( #3560 ) ( #3692 )
2024-08-26 12:43:28 +02:00
Alessandro Ros
f3ed659fab
rtsp: fix authentication when algorithm field is not supported ( #3116 ) ( #3314 )
2024-05-15 10:28:12 +02:00
Alessandro Ros
dcb5b45e84
update dependencies ( #3325 )
2024-05-05 19:06:47 +02:00
Alessandro Ros
1204f76eb7
update golangci-lint ( #3300 )
2024-04-28 18:20:08 +02:00
Alessandro Ros
b84f0b90d0
add JWT authentication tests ( #3272 )
2024-04-18 22:58:37 +02:00
Alessandro Ros
9c6ba7e2c7
New authentication system ( #1341 ) ( #1992 ) ( #2205 ) ( #3081 )
...
This is a new authentication system that covers all the features exposed by the server, including playback, API, metrics and PPROF, improves internal authentication by adding permissions, improves HTTP-based authentication by adding the ability to exclude certain actions from being authenticated, adds an additional method (JWT-based authentication).
2024-03-04 14:20:34 +01:00
