WebRTC Authorization? #3142

tschettervictor · 2024-03-17T13:17:47Z

tschettervictor
Mar 17, 2024

Question

How does on include the auth credentials in the url when publishing a webrtc stream?

mav8erick · 2024-04-22T19:11:51Z

mav8erick
Apr 22, 2024

Hey,

I think I have the same question. Unfortunately, it's not fully explained here. https://github.com/bluenviron/mediamtx?tab=readme-ov-file#webrtc-clients
If I deactivate the internal authentication, I can stream without a stream key.

0 replies

aler9 · 2024-06-21T21:12:04Z

aler9
Jun 21, 2024
Maintainer

Hello, including auth credentials in the URL is a security flaw that is blocked by all browsers for security reasons. Credentials should not be propagated together with URLs.

Instead of credentials, you can use JWTs and append them to the URL in this format:

http://localhost:8889/mystream?jwt=MY_JWT

JWTs have a limited lifetime and therefore are more secure. Instructions on how to setup JWTs are in the README.

Regarding OBS, in OBS there's a dedicated space called "Bearer Token" in which you can either put plain credentials in this format:

username:password

or, if JWTs are enabled, you can just put the JWT.

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

WebRTC Authorization? #3142

{{title}}

Replies: 2 comments

{{title}}

{{title}}

Select a reply

WebRTC Authorization? #3142

tschettervictor Mar 17, 2024

Question

Replies: 2 comments

mav8erick Apr 22, 2024

aler9 Jun 21, 2024 Maintainer

tschettervictor
Mar 17, 2024

mav8erick
Apr 22, 2024

aler9
Jun 21, 2024
Maintainer