Support bearer token authentication #3248

Closed
neilyoung opened this issue Apr 15, 2024 · 5 comments
Labels
enhancement New feature or request webrtc

Comments

@neilyoung

Describe the feature

Description

I hope it's not again an RTFM issue and it's all long time realised and documented, but at the moment it seems to me that MediaMTX supports BASIC and DIGEST authentication only for WebRTC WHIP/WHEP. IMHO the RFC mandates bearer token authentication, so it would be great if that could be supported.

@aler9 aler9 added enhancement New feature or request webrtc labels May 24, 2024
@kaitlynia

Not only is this mandated by RFC, but OBS supports this in the UI for WHIP and it was a source of confusion for me when I assumed this was the method that MediaMTX handled JWT-based auth, but was disappointed to find out that it's just more URL-parameterized auth.

@aler9
Member

aler9 commented Jun 11, 2024

In order to cover all possible cases, I'll implement WHEP Bearer authentication in a way that is compatible with all available authentication mechanisms (currently internal, HTTP, JWT).

@aler9
Member

aler9 commented Jun 11, 2024

solved by #3458 and #3459

@neilyoung
Author

neilyoung commented Jun 12, 2024

Nicely done! Not sure if it was intended, but it is even possible to mix JWT bearer authentication with an existing DIY HTTP authentication service (in order to avoid being forced to support JWKS or introduce yet another instance like keycloak or friends).

I'm configuring authHTTPAddress to a Node JS server instance I wrote to support RTSP authentication via username:password and setting authMethod: http but leaving authJWTJWKS empty. I see it is possible to do even JWT authentication by parsing the query transported:

AUTH {
  ip: '127.0.0.1',
  user: '',
  password: '',
  action: 'publish',
  path: 'toast',
  protocol: 'webrtc',
  id: '06960ca9-3266-482d-a8bd-2532e955ebfb',
  query: 'jwt=eyJhbGci.....Qac6c5xBrdAk&mode=inference'
}

Two birds with one stone. Great. Thanks for having added support for this.
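
The setup described in the comment above, sketched as an added example (not code from MediaMTX or from the commenter's server): the decision logic an HTTP auth service could apply to the AUTH body when the JWT arrives in `query`. Assumptions: the token is HS256-signed with a shared secret, the claim names `path` and `actions` are hypothetical, and the service answers 200 to allow and 401 to deny.

```javascript
const crypto = require('crypto');

// Constructed demo values: the secret and the request builder are made up for this example.
const SECRET = 'demo-secret-not-for-production';
const b64url = (s) => Buffer.from(s).toString('base64url');
const sampleReq = (token, action = 'publish') => ({
  ip: '127.0.0.1', user: '', password: '', action, path: 'toast',
  protocol: 'webrtc', query: `jwt=${token}&mode=inference`,
});

// Mints an HS256 token so the example has something to verify offline.
function signHS256(claims, secret) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(claims));
  const sig = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest('base64url');
  return `${head}.${body}.${sig}`;
}

// Returns the claims of a valid, unexpired HS256 token, otherwise null.
function verifyHS256(token, secret, now) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  try {
    // Pin the algorithm: the token header must never choose it ("none", RS256, ...).
    if (JSON.parse(Buffer.from(head, 'base64url')).alg !== 'HS256') return null;
    const expected = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest();
    const given = Buffer.from(sig, 'base64url');
    // Constant-time comparison; lengths must match before timingSafeEqual.
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
    const claims = JSON.parse(Buffer.from(body, 'base64url'));
    if (typeof claims.exp !== 'number' || claims.exp <= now) return null;
    return claims;
  } catch {
    return null; // malformed JSON in header or payload
  }
}

// Decides on one AUTH request body (fields as in the dump above).
// Returns the HTTP status to answer with: 200 allow, 401 deny (assumed convention).
function authorize(req, secret, now = Math.floor(Date.now() / 1000)) {
  const token = new URLSearchParams(req.query || '').get('jwt');
  const claims = token && verifyHS256(token, secret, now);
  if (!claims) return 401;
  // Bind the token to the requested path and action (hypothetical claim names).
  const bound = claims.path === req.path
    && Array.isArray(claims.actions) && claims.actions.includes(req.action);
  return bound ? 200 : 401;
}
```

A token carried in the URL query can end up in access logs and proxies along the way, so short `exp` values and path/action binding limit what a leaked token is good for.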

Contributor

This issue is mentioned in release v1.8.3 🚀
