Started creating a new module auth_jwt, which supports JSON Web Token for auth. Need to access the database to validate some claims in the token. Wonder if I should just make a function call to auth_db or copy the code from auth_db? Which approach is a better approach? Thanks.
--- Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/issues/50
Copying code is always bad. Many modules are just built to offer functions for other modules. regards klaus
On 22.01.2015 17:11, mading087 wrote:
Started creating a new module auth_jwt, which supports JSON Web Token for auth. Need to access the database to validate some claims in the token. Wonder if I should just make a function call to auth_db or copy the code from auth_db? Which approach is a better approach? Thanks.
sr-dev mailing list sr-dev@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
If you make a function call to auth_db, then you create an unnecessary dependency on that module. Copying code is not good. The right solution here would be to create a library that will hold common code for both auth_db and auth_jwt. The library will be automatically loaded by both modules.
Take a look at the db_* modules that are using srdb1 and srdb2 libraries.
Regards, Ovidiu Sas
On Thu, Jan 22, 2015 at 11:11 AM, mading087 notifications@github.com wrote:
Started creating a new module auth_jwt, which supports JSON Web Token for auth. Need to access the database to validate some claims in the token. Wonder if I should just make a function call to auth_db or copy the code from auth_db? Which approach is a better approach? Thanks.
What kind of token do you need to validate using the same query as in auth_db? That is used to fetch the password for WWW Digest authentication.
I am not sure what can be made a library from auth_db. Access to database is a library already. I don't want to make auth_db more complex than it is now by adding other layers of abstraction for getting a library out of it. I don't see how that can be done given the existing functionality.
Maybe you can give more specific details about what you need and then you will get a precise answer.
--- Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/issues/50#issuecomment-71167696
JSON Web Token usually has 3 parts: header, claim set, and signature. For example:
header: {"typ":"JWT", "alg":"RS256"}
claims: {"iss":"joe","iss":"http://id.server.com","sub":"<user>@<sipdomain>","exp":1300819380, "http://example.com/is_root":true}
signature: RSA signature on hash of {base64(header) || "." || base64(claims)}
In addition to validating the signature, we'd also need to check the "sub" (subject) to make sure the user is in the database (sip table). It seems the simplest way is to check if the <user> and <sipdomain> from "sub" belong to a valid record in sip table.
--- Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/issues/50#issuecomment-71212126
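The claim checks described in the comment above, as an added example that is not code from auth_jwt, auth_db or Kamailio. It assumes the RS256 signature has already been verified by a JWT library before these checks run; the `subscriber` table layout, the function names and the sample row are constructed for illustration.

```python
import sqlite3
import time

def split_sub(sub):
    """Split a "sub" claim of the form user@sipdomain; return None if malformed."""
    if not isinstance(sub, str) or sub.count("@") != 1:
        return None
    user, domain = sub.split("@")
    if not user or not domain or any(c.isspace() for c in sub):
        return None
    return user, domain.lower()  # domain names are case-insensitive

def claims_allowed(claims, db, now=None, leeway=30):
    """Check signature-verified claims: not expired, and sub is a known user."""
    now = time.time() if now is None else now
    exp = claims.get("exp")
    # bool is a subclass of int in Python, so reject it explicitly.
    if isinstance(exp, bool) or not isinstance(exp, (int, float)):
        return False
    if now >= exp + leeway:
        return False
    parts = split_sub(claims.get("sub"))
    if parts is None:
        return False
    # Bound parameters: the claim text never becomes part of the SQL statement.
    row = db.execute(
        "SELECT 1 FROM subscriber WHERE username = ? AND lower(domain) = ?",
        parts,
    ).fetchone()
    return row is not None

def sample_db():
    """Constructed in-memory stand-in for the SIP user table (assumed layout)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE subscriber (username TEXT, domain TEXT)")
    db.execute("INSERT INTO subscriber VALUES ('alice', 'sip.example.com')")
    return db

if __name__ == "__main__":
    db = sample_db()
    token_claims = {"sub": "alice@SIP.example.com", "exp": 1300819380}
    print(claims_allowed(token_claims, db, now=1300819000))
```

A missing or non-numeric `exp` and a `sub` that is not exactly one `user@domain` pair are rejected before any query is made.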
It doesn't look like there is a need to re-use code from auth_db in any way; you can make the query from the new module (it will be simpler than what auth_db does) or rely on the config file (e.g., is_subscriber() or use of sqlops). I am saying this because the allowed user identity can also be in the uri table (see uri_db module).
--- Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/issues/50#issuecomment-71912539
Thanks for the help. Didn't use auth_db, just made the query from the new module, and the db access worked. The auth_jwt module is almost done. Did some tests with pjsip. Will have to go through some internal process before I can share it. What is the process to ask the Kamailio community to review a new module?
On Wed, Jan 28, 2015 at 2:47 PM, Daniel-Constantin Mierla <notifications@github.com> wrote:
It doesn't look like there is a need to re-use code from auth_db in any way; you can make the query from the new module (it will be simpler than what auth_db does) or rely on the config file (e.g., is_subscriber() or use of sqlops). I am saying this because the allowed user identity can also be in the uri table (see uri_db module).
--- Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/issues/50#issuecomment-71930260
Closed #50.
--- Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/issues/50#event-226445979