Re: Issue 714: STUN/TURN OAuth token auth parameter handover from Bernard Aboba on 2016-08-15 (public-webrtc@w3.org from August 2016)

From: Bernard Aboba <Bernard.Aboba@microsoft.com>
Date: Mon, 15 Aug 2016 17:46:54 +0000
To: "public-webrtc@w3.org" <public-webrtc@w3.org>
Message-ID: <DM2PR21MB0075890410D29B3DA5978392EC120@DM2PR21MB0075.namprd21.prod.outlook.com>

https://github.com/w3c/webrtc-pc/issues/714

Today we have:


dictionary RTCIceServer {

    required (DOMString or sequence<DOMString>) urls;

             DOMString                          username<http://w3c.github.io/webrtc-pc/#dom-rtciceserver-username>;

             DOMString                          credential<http://w3c.github.io/webrtc-pc/#dom-rtciceserver-credential>;

             RTCIceCredentialType               credentialType = "password";

};



enum RTCIceCredentialType {

    "password<http://w3c.github.io/webrtc-pc/#dom-rtcicecredentialtype-password>",

    "token<http://w3c.github.io/webrtc-pc/#dom-rtcicecredentialtype-token>"

};

This issue asks how (or if) this can be used to support RFC 7635<https://tools.ietf.org/html/rfc7635> (OAuth 2.0) when credentialType = "token".

An example of an access token is given in RFC 7635, Appendix B:


        {

          "access_token":

   "U2FsdGVkX18qJK/kkWmRcnfHglrVTJSpS6yU32kmHmOrfGyI3m1gQj1jRPsr0uBb

   HctuycAgsfRX7nJW2BdukGyKMXSiNGNnBzigkAofP6+Z3vkJ1Q5pWbfSRroOkWBn",

          "token_type":"pop",

          "expires_in":1800,

          "kid":"22BIjxU93h/IgwEb",

          "key":"v51N62OM65kyMvfTI08O"

          "alg":HMAC-SHA-256-128

        }

Rather than adding new attributes to RTCIceServer (as proposed in Issue 714), is there a reason why such a token couldn't be passed in RTCIceServer.credential with RTCIceServer.credentialType = "token"?

Received on Monday, 15 August 2016 17:47:25 UTC