
Re: Issue 714: STUN/TURN OAuth token auth parameter handover

From: Harald Alvestrand <harald@alvestrand.no>
Date: Fri, 19 Aug 2016 11:57:36 +0200
To: public-webrtc@w3.org
Message-ID: <a2613c08-d423-b037-3653-5818e827d495@alvestrand.no>
On 15 Aug 2016 19:46, Bernard Aboba wrote:
> https://github.com/w3c/webrtc-pc/issues/714
>
> Today we have:
>
> dictionary RTCIceServer {
>     required (DOMString or sequence<DOMString>) urls;
>              DOMString                          username;
>              DOMString                          credential;
>              RTCIceCredentialType               credentialType = "password";
> };
>
> enum RTCIceCredentialType {
>     "password",
>     "token"
> };
>
> This issue asks how (or if) this can be used to support RFC 7635
> <https://tools.ietf.org/html/rfc7635> (OAuth 2.0) when credentialType =
> “token”.
>
> An example of an access token is given in RFC 7635, Appendix B:
>
>         {
>           "access_token":
>    "U2FsdGVkX18qJK/kkWmRcnfHglrVTJSpS6yU32kmHmOrfGyI3m1gQj1jRPsr0uBb
>    HctuycAgsfRX7nJW2BdukGyKMXSiNGNnBzigkAofP6+Z3vkJ1Q5pWbfSRroOkWBn",
>           "token_type":"pop",
>           "expires_in":1800,
>           "kid":"22BIjxU93h/IgwEb",
>           "key":"v51N62OM65kyMvfTI08O",
>           "alg":"HMAC-SHA-256-128"
>         }
>
> Rather than adding new attributes to RTCIceServer (as proposed in Issue
> 714), is there a reason why such a token couldn’t be passed in
> RTCIceServer.credential with RTCIceServer.credentialType = “token”?
> 

I assume that you would then have the "credential" be the JSON-encoded
value of that structure? Or do we just need the "access_token" part?

Since PR #714 puts the credential in a DOMString too, I see no
difference between the two approaches in expressive power or ease of
access to components of a token.

Should the RTCIceCredentialType be extended with the value
"oauth2-token", or is "token" explicit enough?
Received on Friday, 19 August 2016 09:58:09 UTC
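
The two readings of "credential" raised in this message, as an added example that is not part of the thread or of the WebRTC specification: it builds both candidate RTCIceServer values from a token response and shows which token fields a consumer can recover from the DOMString. The function names, the TURN URL and the token values are assumptions constructed for illustration; only the field names come from the quoted RFC 7635 sample.

```javascript
// Constructed token response; field names mirror the quoted Appendix B sample,
// the values are placeholders made up for this example.
const sampleTokenResponse = {
  access_token: "Q09OU1RSVUNURUQtU0FNUExFLVRPS0VO",
  token_type: "pop",
  expires_in: 1800,
  kid: "constructed-kid",
  key: "constructed-mac-key",
  alg: "HMAC-SHA-256-128",
};

const REQUIRED_STRINGS = ["access_token", "token_type", "kid", "key", "alg"];

// Reading 1 (hypothetical helper): credential is the whole structure, JSON-encoded.
function iceServerWithJsonCredential(urls, token) {
  for (const field of REQUIRED_STRINGS) {
    if (typeof token[field] !== "string" || token[field] === "") {
      throw new TypeError(`token response is missing "${field}"`);
    }
  }
  return { urls, credential: JSON.stringify(token), credentialType: "token" };
}

// Reading 2 (hypothetical helper): credential is only the "access_token" part.
function iceServerWithAccessTokenOnly(urls, token) {
  if (typeof token.access_token !== "string" || token.access_token === "") {
    throw new TypeError('token response is missing "access_token"');
  }
  return { urls, credential: token.access_token, credentialType: "token" };
}

// Which token fields can a consumer of RTCIceServer.credential get back?
function recoverTokenFields(iceServer) {
  if (iceServer.credentialType !== "token") return null;
  try {
    const parsed = JSON.parse(iceServer.credential);
    if (parsed && typeof parsed === "object" && !Array.isArray(parsed)) {
      return Object.keys(parsed).sort();
    }
  } catch (_) {
    // Not JSON: the DOMString is an opaque access token.
  }
  return ["access_token"];
}
```

With the second reading, "kid", "key" and "alg" do not travel in `credential` and would have to reach the ICE agent some other way.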
