I was thinking that an option to exempt localhost (or a specific IP address since you might be transcoding in another place) from authentication would be an elegant fix to this issue.
You indicate in various places (e.g. 1.15.1 release notes) that passing JWTs as query params will be disallowed in the future. While I understand the reasoning, it will probably break JWT auth with ffmpeg completely.
The maximum password length in ffmpeg is somewhere around 140..160 characters. It is not the 1024 characters mentioned in the docs, at least not for ffmpeg versions 6.1 and 8.0 that I tested with (tested on Ubuntu and Alpine). 160 characters is too short for any kind of JWT. AFAIK, this leaves query param auth as the only feasible option for JWT auth.
With the findings outlined above, I think a better way than complete removal would be a feature gate in the config with a clear and loud warning. What are your plans regarding JWT query param removal exactly?