Peter Dunkley from Crocodile RCS has pushed a new module in GIT master branch: auth_ephemeral. Quoting from the module documentation:
This module contains all authentication related functions that can work with ephemeral credentials.
Ephemeral credentials are generated by a web-service and enforced on Kamailio. This usage of ephemeral credentials ensures that access to Kamailio is controlled even if the credentials cannot be kept secret, as can be the case in WebRTC where the credentials may be specified in Javascript.
To use this mechanism, the only interaction needed between the web-service and Kamailio is to share a secret key.
Typically, credentials will be requested from the web-service using an HTTP GET and provided in a JSON response. To prevent unauthorised use the HTTP requests can be ACLd by various means.
This mechanism is based on the Google proposal for a “TURN Server REST API”.
An obvious usage is together with websocket module to provide authentication for WebRTC-related communications. Read more about in the module documentation: