Thanks for the comments. Think a new module auth_jwt is a better way. Will take a closer
look at auth_ephemeral. The two IETF draft I was looking at are
http://www.ietf.org/id/draft-ietf-oauth-json-web-token-32.txt
<http://www.ietf.org/id/draft-ietf-oauth-json-web-token-32.txt> and
http://www.ietf.org/id/draft-ietf-jose-json-web-signature-40.txt
<http://www.ietf.org/id/draft-ietf-jose-json-web-signature-40.txt>. OAuth 2.0 is a
nice framework to handle auth and issue web tokens. But maybe the first step is to use
configured public keys to verify the token and then use info from the token to validate
SIP messages. Another thing is that it seems we need a new SIP header to send the JWT
token. Cannot find an existing header that is suitable for JWT.
---
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/29#issuecomment-69868305