27 Aug
2024
27 Aug
'24
6:58 a.m.
Hi all!
I need to integrate a REST Service with Kamailio. Integration is easy, not
a problem, but my concern is that the REST Services has a JWT token
authentication required for each request, common to many (it not all) REST
Services.
So, it is required to POST for authentication (username and password) and
once I get authentication done, and receive a JWT token, I will need to use
this token in all other requests to the REST Service. The token is valid
for 24h.
My question is:
- how to save the token for use during 24h, on all calls/sessions, without
the need to authenticate on every call?
- how to detect the token has expired and re-authenticate?
I looked for some modules, but could not find any that suited me.
I am thinking of executing a Python script for this, but concerned about
latency and PDD....
Any thoughts? Any suggestions? Any known best-practice?
Atenciosamente / Kind Regards / Cordialement / Un saludo,
*Sérgio Charrua*
27 Aug
27 Aug
7:49 a.m.
On Aug 27, 2024, at 6:58 AM, Sergio Charrua via
sr-users <sr-users(a)lists.kamailio.org> wrote:
My question is:
- how to save the token for use during 24h, on all calls/sessions, without the need to
authenticate on every call?
- how to detect the token has expired and re-authenticate?
The `htable` module can potentially assist with both tasks. You can use it to save the
token, and also set an expiration time of 24 hours. It's kind of like Redis, but
inside Kamailio.
Of course, expiring the token after 24 hours is not the same thing as detecting that it
has expired.
-- Alex
--
Alex Balashov
Principal Consultant
Evariste Systems LLC
Web: https://evaristesys.com
Tel: +1-706-510-6800
7:54 a.m.
On Aug 27, 2024, at 6:58 AM, Sergio Charrua via
sr-users <sr-users(a)lists.kamailio.org> wrote:
Hi all!
I need to integrate a REST Service with Kamailio. Integration is easy, not a problem, but
my concern is that the REST Services has a JWT token authentication required for each
request, common to many (it not all) REST Services.
So, it is required to POST for authentication (username and password) and once I get
authentication done, and receive a JWT token, I will need to use this token in all other
requests to the REST Service. The token is valid for 24h.
My question is:
- how to save the token for use during 24h, on all calls/sessions, without the need to
authenticate on every call?
- how to detect the token has expired and re-authenticate?
I looked for some modules, but could not find any that suited me.
I am thinking of executing a Python script for this, but concerned about latency and
PDD....
Any thoughts? Any suggestions? Any known best-practice?
Atenciosamente / Kind Regards / Cordialement / Un saludo,
Sérgio Charrua
Have you considered an inbetween service (such as a go/python/node api listener) to handle
the authentication / token issuance part?
In theory I assume you could use the JWT and other modules to help do what you are looking
for, but you’re really hacking kamailio to be an http api server at that point and
although it may be able to do it quite well, it’s really not the first candidate I’d
choose for the job.
Regards,
Fred Posner
https://fredoso.com
8:08 a.m.
On Aug 27, 2024, at 7:54 AM, Fred Posner via sr-users
<sr-users(a)lists.kamailio.org> wrote:
In theory I assume you could use the JWT and other modules to help do what you are
looking for, but you’re really hacking kamailio to be an http api server at that point and
although it may be able to do it quite well, it’s really not the first candidate I’d
choose for the job.
I assumed from the OP that this wasn't on the table ipso facto. If it is, I definitely
agree that this is a better way to go.
--
Alex Balashov
Principal Consultant
Evariste Systems LLC
Web: https://evaristesys.com
Tel: +1-706-510-6800
8:18 a.m.
Thanks Fred!
... but you’re really hacking kamailio to be an http
api server...
Actually it will be a HTTP Client...kamailio will send requests to an HTTPS
REST Service that requires authentication, returning a JWT token if
authentication is OK. Then, with the Token, Kamailio will make another
HTTPS Request to another endpoint of the REST Service to do some voodoo....
My issue is on how to handle, on Kamailio, the authentication JWT token
returned from the REST Service.
I did consider having a Python script handling HTTP requests...might be the
best solution, as it is (or seems to be....) more flexible in the long
term....
Atenciosamente / Kind Regards / Cordialement / Un saludo,
*Sérgio Charrua*
On Tue, Aug 27, 2024 at 1:08 PM Fred Posner via sr-users <
sr-users(a)lists.kamailio.org> wrote:
On Aug 27, 2024, at 6:58 AM, Sergio Charrua via
sr-users <
sr-users(a)lists.kamailio.org> wrote:
Hi all!
I need to integrate a REST Service with Kamailio. Integration is easy,
not a
problem, but my concern is that the REST Services has a JWT token
authentication required for each request, common to many (it not all) REST
Services.
So, it is required to POST for authentication
(username and password)
and once I get authentication done, and receive a JWT
token, I will need to
use this token in all other requests to the REST Service. The token is
valid for 24h.
My question is:
- how to save the token for use during 24h, on all calls/sessions,
without the
need to authenticate on every call?
- how to detect the token has expired and
re-authenticate?
I looked for some modules, but could not find any that suited me.
I am thinking of executing a Python script for this, but concerned about
latency
and PDD....
Any thoughts? Any suggestions? Any known
best-practice?
Atenciosamente / Kind Regards / Cordialement / Un saludo,
Sérgio Charrua
Have you considered an inbetween service (such as a go/python/node api
listener) to handle the authentication / token issuance part?
In theory I assume you could use the JWT and other modules to help do what
you are looking for, but you’re really hacking kamailio to be an http api
server at that point and although it may be able to do it quite well, it’s
really not the first candidate I’d choose for the job.
Regards,
Fred Posner
https://fredoso.com
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
To unsubscribe send an email to sr-users-leave(a)lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to
the sender!
Edit mailing list options or unsubscribe:
8:50 a.m.
You may consider writing the entire routing script in python as well -
check out KEMI.
вт, 27 авг. 2024 г. в 15:38, Sergio Charrua via sr-users <
sr-users(a)lists.kamailio.org>gt;:
Thanks Fred!
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
To unsubscribe send an email to sr-users-leave(a)lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to
the sender!
Edit mailing list options or unsubscribe:
--
Alexandru Covalschi
VoIP engineer and system administrator
tg: @acovalschi
... but you’re really hacking kamailio to be an
http api server...
Actually it will be a HTTP Client...kamailio will send requests to an
HTTPS REST Service that requires authentication, returning a JWT token if
authentication is OK. Then, with the Token, Kamailio will make another
HTTPS Request to another endpoint of the REST Service to do some voodoo....
My issue is on how to handle, on Kamailio, the authentication JWT token
returned from the REST Service.
I did consider having a Python script handling HTTP requests...might be
the best solution, as it is (or seems to be....) more flexible in the long
term....
Atenciosamente / Kind Regards / Cordialement / Un saludo,
*Sérgio Charrua*
On Tue, Aug 27, 2024 at 1:08 PM Fred Posner via sr-users <
sr-users(a)lists.kamailio.org> wrote:
On Aug 27, 2024, at 6:58 AM, Sergio Charrua via
sr-users <
sr-users(a)lists.kamailio.org> wrote:
Hi all!
I need to integrate a REST Service with Kamailio. Integration is easy,
not a
problem, but my concern is that the REST Services has a JWT token
authentication required for each request, common to many (it not all) REST
Services.
So, it is required to POST for authentication
(username and password)
and once I get authentication done, and receive a JWT
token, I will need to
use this token in all other requests to the REST Service. The token is
valid for 24h.
My question is:
- how to save the token for use during 24h, on all calls/sessions,
without the
need to authenticate on every call?
- how to detect the token has expired and
re-authenticate?
I looked for some modules, but could not find any that suited me.
I am thinking of executing a Python script for this, but concerned
about latency
and PDD....
Any thoughts? Any suggestions? Any known
best-practice?
Atenciosamente / Kind Regards / Cordialement / Un saludo,
Sérgio Charrua
Have you considered an inbetween service (such as a go/python/node api
listener) to handle the authentication / token issuance part?
In theory I assume you could use the JWT and other modules to help do
what you are looking for, but you’re really hacking kamailio to be an http
api server at that point and although it may be able to do it quite well,
it’s really not the first candidate I’d choose for the job.
Regards,
Fred Posner
https://fredoso.com
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
To unsubscribe send an email to sr-users-leave(a)lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to
the sender!
Edit mailing list options or unsubscribe:
9:11 a.m.
On Aug 27, 2024, at 8:18 AM, Sergio Charrua via
sr-users <sr-users(a)lists.kamailio.org> wrote:
Thanks Fred!
In that case the htable model is a good one. You can set an expiration time on the htable
entry to match the time of the token and then renew based on expiration.
KEMI might be a good choice as well (and handle it in python, ruby, whatever)
Regards,
Fred Posner
... but you’re really hacking kamailio to be an
http api server...
Actually it will be a HTTP Client...kamailio will send requests to an HTTPS REST Service
that requires authentication, returning a JWT token if authentication is OK. Then, with
the Token, Kamailio will make another HTTPS Request to another endpoint of the REST
Service to do some voodoo....
My issue is on how to handle, on Kamailio, the authentication JWT token returned from the
REST Service.
I did consider having a Python script handling HTTP requests...might be the best
solution, as it is (or seems to be....) more flexible in the long term....
Atenciosamente / Kind Regards / Cordialement / Un saludo,
Sérgio Charrua 
7:57 a.m.
Hello,
don’t looked into the details, but the kamailio jwt module has a verify function
(https://www.kamailio.org/docs/modules/stable/modules/jwt.html)
Regarding storage, you can easily store them in a DB table with sqlops, or in htable in
memory with automatic 24h expiry, just two options. The DB could be used from multiple
Kamailio servers, htable would be individual per server.
Cheers,
Henning
--
Henning Westerholt – https://skalatan.de/blog/
Kamailio services – https://gilawa.com<https://gilawa.com/>
From: Sergio Charrua via sr-users <sr-users(a)lists.kamailio.org>
Sent: Dienstag, 27. August 2024 12:58
To: Kamailio (SER) - Users Mailing List <sr-users(a)lists.kamailio.org>
Cc: Sergio Charrua <sergio.charrua(a)voip.pt>
Subject: [SR-Users] Kamailio integration with REST services
Hi all!
I need to integrate a REST Service with Kamailio. Integration is easy, not a problem, but
my concern is that the REST Services has a JWT token authentication required for each
request, common to many (it not all) REST Services.
So, it is required to POST for authentication (username and password) and once I get
authentication done, and receive a JWT token, I will need to use this token in all other
requests to the REST Service. The token is valid for 24h.
My question is:
- how to save the token for use during 24h, on all calls/sessions, without the need to
authenticate on every call?
- how to detect the token has expired and re-authenticate?
I looked for some modules, but could not find any that suited me.
I am thinking of executing a Python script for this, but concerned about latency and
PDD....
Any thoughts? Any suggestions? Any known best-practice?
Atenciosamente / Kind Regards / Cordialement / Un saludo,
Sérgio Charrua
8:08 a.m.
Thanks Henning,
I did take a look at the JWT module, prior posting to the ML, but it seems
to me that it requires a private key (.pem) which I won't have access to,
hence the only way to authenticate is to send a HTTPS request to an URL
with the login and password in it.... Or am I missing something?
The DB Table might be a good option, though the high amount of CPS might
overload the database, so I will try the HTable option instead.
Atenciosamente / Kind Regards / Cordialement / Un saludo,
*Sérgio Charrua*
On Tue, Aug 27, 2024 at 12:57 PM Henning Westerholt <hw(a)gilawa.com> wrote:
Hello,
don’t looked into the details, but the kamailio jwt module has a verify
function (https://www.kamailio.org/docs/modules/stable/modules/jwt.html)
Regarding storage, you can easily store them in a DB table with sqlops, or
in htable in memory with automatic 24h expiry, just two options. The DB
could be used from multiple Kamailio servers, htable would be individual
per server.
Cheers,
Henning
--
Henning Westerholt – https://skalatan.de/blog/
Kamailio services – https://gilawa.com
*From:* Sergio Charrua via sr-users <sr-users(a)lists.kamailio.org>
*Sent:* Dienstag, 27. August 2024 12:58
*To:* Kamailio (SER) - Users Mailing List <sr-users(a)lists.kamailio.org>
*Cc:* Sergio Charrua <sergio.charrua(a)voip.pt>
*Subject:* [SR-Users] Kamailio integration with REST services
Hi all!
I need to integrate a REST Service with Kamailio. Integration is easy, not
a problem, but my concern is that the REST Services has a JWT token
authentication required for each request, common to many (it not all) REST
Services.
So, it is required to POST for authentication (username and password) and
once I get authentication done, and receive a JWT token, I will need to use
this token in all other requests to the REST Service. The token is valid
for 24h.
My question is:
- how to save the token for use during 24h, on all calls/sessions, without
the need to authenticate on every call?
- how to detect the token has expired and re-authenticate?
I looked for some modules, but could not find any that suited me.
I am thinking of executing a Python script for this, but concerned about
latency and PDD....
Any thoughts? Any suggestions? Any known best-practice?
Atenciosamente / Kind Regards / Cordialement / Un saludo,
*Sérgio Charrua*
8:13 a.m.
On Aug 27, 2024, at 7:57 AM, Henning Westerholt via
sr-users <sr-users(a)lists.kamailio.org> wrote:
htable would be individual per server.
It's worth pointing out that htable can be replicated via DMQ.
This might seem like needless pedantry, but I've used this to successful effect in
number of places to remove dependency on external storage mechanisms.
-- Alex
--
Alex Balashov
Principal Consultant
Evariste Systems LLC
Web: https://evaristesys.com
Tel: +1-706-510-6800
29 Aug
29 Aug
7:09 a.m.
Hi Alex,
you are right of course, DMQ can be used to synchronize htable content.
Not sure I would use it personally for security tokens in this special case, due to the
lack of synchronisation, integrity protections and encryption (the two latter parts can of
course be mitigated by using TLS).
Cheers,
Henning
-----Original Message-----
From: Alex Balashov via sr-users <sr-users(a)lists.kamailio.org>
Sent: Dienstag, 27. August 2024 14:13
To: Kamailio (SER) - Users Mailing List <sr-users(a)lists.kamailio.org>
Cc: Alex Balashov <abalashov(a)evaristesys.com>
Subject: [SR-Users] Re: Kamailio integration with REST services
On Aug 27, 2024, at 7:57 AM, Henning Westerholt
via sr-users <sr-
users(a)lists.kamailio.org> wrote:
htable would be individual per server.
It's worth pointing out that htable can be replicated via DMQ.
This might seem like needless pedantry, but I've used this to successful effect in
number of places to remove dependency on external storage mechanisms.
-- Alex
--
Alex Balashov
Principal Consultant
Evariste Systems LLC
Web: https://evaristesys.com
Tel: +1-706-510-6800
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe
send an email to sr-users-leave(a)lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the
sender!
Edit mailing list options or unsubscribe:
27 Aug
27 Aug
8:08 a.m.
Hi,
The Htable module might be useful. Also you could set expire time
validation for 24h.
Best regards.
Mojtaba
On Tue, Aug 27, 2024, 14:56 Sergio Charrua via sr-users <
sr-users(a)lists.kamailio.org> wrote:
Hi all!
I need to integrate a REST Service with Kamailio. Integration is easy, not
a problem, but my concern is that the REST Services has a JWT token
authentication required for each request, common to many (it not all) REST
Services.
So, it is required to POST for authentication (username and password) and
once I get authentication done, and receive a JWT token, I will need to use
this token in all other requests to the REST Service. The token is valid
for 24h.
My question is:
- how to save the token for use during 24h, on all calls/sessions, without
the need to authenticate on every call?
- how to detect the token has expired and re-authenticate?
I looked for some modules, but could not find any that suited me.
I am thinking of executing a Python script for this, but concerned about
latency and PDD....
Any thoughts? Any suggestions? Any known best-practice?
Atenciosamente / Kind Regards / Cordialement / Un saludo,
*Sérgio Charrua*
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
To unsubscribe send an email to sr-users-leave(a)lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to
the sender!
Edit mailing list options or unsubscribe:
8:16 a.m.
Hi,
You can use a $shv() variable to store the key.
To track it you can use rtimer or just don't track it at lll, but
just renew at 403.
There are other ways tho, these are what I use
вт, 27 авг. 2024 г. в 14:25, Sergio Charrua via sr-users <
sr-users(a)lists.kamailio.org>gt;:
Hi all!
I need to integrate a REST Service with Kamailio. Integration is easy, not
a problem, but my concern is that the REST Services has a JWT token
authentication required for each request, common to many (it not all) REST
Services.
So, it is required to POST for authentication (username and password) and
once I get authentication done, and receive a JWT token, I will need to use
this token in all other requests to the REST Service. The token is valid
for 24h.
My question is:
- how to save the token for use during 24h, on all calls/sessions, without
the need to authenticate on every call?
- how to detect the token has expired and re-authenticate?
I looked for some modules, but could not find any that suited me.
I am thinking of executing a Python script for this, but concerned about
latency and PDD....
Any thoughts? Any suggestions? Any known best-practice?
Atenciosamente / Kind Regards / Cordialement / Un saludo,
*Sérgio Charrua*
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
To unsubscribe send an email to sr-users-leave(a)lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to
the sender!
Edit mailing list options or unsubscribe:
--
Alexandru Covalschi
VoIP engineer and system administrator
tg: @acovalschi
8
days inactive
10
days old
12 comments
6 participants
participants (6)
-
Alex Balashov -
Alexandru Covalschi -
Fred Posner -
Henning Westerholt -
Mojtaba -
Sergio Charrua