Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

JWT authentication token too long for SRT publish #3430

Open
1 of 13 tasks
dm-dma opened this issue Jun 7, 2024 · 1 comment
Open
1 of 13 tasks

JWT authentication token too long for SRT publish #3430

dm-dma opened this issue Jun 7, 2024 · 1 comment
Labels
bug Something isn't working srt

Comments

@dm-dma
Copy link

dm-dma commented Jun 7, 2024

Which version are you using?

v1.8.2

Which operating system are you using?

  • Linux amd64 standard
  • Linux amd64 Docker
  • Linux arm64 standard
  • Linux arm64 Docker
  • Linux arm7 standard
  • Linux arm7 Docker
  • Linux arm6 standard
  • Linux arm6 Docker
  • Windows amd64 standard
  • Windows amd64 Docker (WSL backend)
  • macOS amd64 standard
  • macOS amd64 Docker
  • Other (please describe)

Describe the issue

In order to send the JWT token using SRT when JWT authentication is enabled, the JWT token is a part of the stream ID:
srt://x.x.x.x:8890?streamid=publish:mystream:jwt=[token]

The issue with this implementation is that the streamid may only contain 512 characters. We created a token with almost the bare minimum but ended up with 685 characters:
https://github.com/Haivision/srt/blob/master/docs/features/access-control.md

So technically this is not a bug and this is SRT related. But this leaves us with an implementation that is unusable, or is there another way to pass JWT tokens?

Describe how to replicate the issue

  1. start the server
  2. publish with ...
./srt-live-transmit udp://:5004 "srt://192.168.5.99:8890?streamid=publish:mystream:jwt=[token]" -v -s 100 -ll debug
Media path: 'udp://:5004' --> 'srt://192.168.5.99:8890?streamid=publish:mystream:jwt=[token]'
SRT parameters specified:

        streamid = 'publish:mystream:jwt=[token]'
Opening SRT target caller on 192.168.5.99:8890
16:52:24.463124/srt-live-transm D:SRT.sm: generateSocketID: : @310547703
WARNING: failed to set options: streamid,

ERROR #5003.0: Operation not supported: Bad parameters
SrtCommon: DESTROYING CONNECTION, closing sockets (rt%310547703 ls%-1)...
SrtCommon: ... done.
ERROR: error: ConfigurePre: Operation not supported: Bad parameters

Did you attach the server logs?

no

Did you attach a network dump?

no
@dm-dma dm-dma mentioned this issue Jun 7, 2024
Open
@aler9 aler9 added bug Something isn't working srt labels Jun 17, 2024
@aler9
Copy link
Member

aler9 commented Jun 17, 2024

Hello, your analysis is right. Although the server tries to provide a protocol-independent set of features, sometimes it happens that a specific feature is not compatible with a certain protocol. JWTs are the standard way to authenticate requests without continuously polling an identity server, and supporting them has provided lots of benefits, but evidently they cannot be used with SRT. There isn't an easy solution for this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working srt
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@aler9 @dm-dma