TURN relays data from source to target. Relaying consumes bandwidth, and bandwidth is expensive.
Therefore the TURN connection needs to be authorized. However, because the connection is made from a client using JavaScript, a static username/password can be easily compromised.
Ephemeral passwords come to the rescue here.
Learn WebRTC in 200 lines of code:
You will need a lot of patience going through the libraries that are available today, simply because they have thousands of lines of code. So I highly encourage you all to refer to the source code located here: github.com/amiteshawa/learn-rtc
43. IN JAVASCRIPT
var turn;
// user name embedded in the URL
turn = {
  url: 'turn:<user-name>@<IP>:<PORT>',
  credential: 'password'
};
// for chrome 28 and above
turn = {
  url: 'turn:<IP-address>:<PORT>',
  username: '<user-name>',
  credential: '<password>'
};
44. Ephemeral password
1. Limited time TURN credentials
2. Based on REST Service
3. Webserver creates password
4. Shared secret
5. TURN Server does NOT implement the REST API
6. Based on long-term credentials mechanism
50. long-term credentials
Participants: User, TURN
1. User sends request to TURN without password
2. TURN sends Error 401, with realm and nonce
3. User checks 401 and extracts realm and nonce
4. User generates MD5 key with user, realm
5. User sends new request to TURN with password
6. TURN validates
7. Matches? Then connected
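The "Ephemeral password" and "long-term credentials" slides fit together as sketched below. This is an added Node.js example, not code from the slides or from the learn-rtc repository. It assumes the common TURN REST API convention (username = expiry timestamp plus user id, password = base64 HMAC-SHA1 of the username under the shared secret) and the RFC 5389 key MD5(username:realm:password); the secret, realm, function names and message bytes are constructed for illustration.

```javascript
const crypto = require('crypto');

// Constructed values: the secret is known only to the web server and the TURN server.
const SHARED_SECRET = 'constructed-shared-secret';
const REALM = 'example.org';

function hmacPassword(username) {
  return crypto.createHmac('sha1', SHARED_SECRET).update(username).digest('base64');
}

// Web server (REST service): issue a credential that expires after ttlSeconds.
function issueCredential(userId, ttlSeconds, nowSeconds) {
  const username = `${nowSeconds + ttlSeconds}:${userId}`;
  return { username, password: hmacPassword(username) };
}

// TURN server: derive the password from the username alone. No REST call
// and no user database are needed, only the shared secret and a clock.
function expectedPassword(username, nowSeconds) {
  const expiry = parseInt(username.split(':')[0], 10);
  if (!Number.isFinite(expiry) || expiry <= nowSeconds) return null; // malformed or expired
  return hmacPassword(username);
}

// Long-term credential key (RFC 5389): MD5(username ":" realm ":" password).
function longTermKey(username, realm, password) {
  return crypto.createHash('md5').update(`${username}:${realm}:${password}`).digest();
}

// The second request carries an HMAC-SHA1 over the message, keyed with the
// long-term key, so the password itself never crosses the wire.
function messageIntegrity(key, messageBytes) {
  return crypto.createHmac('sha1', key).update(messageBytes).digest();
}

// "TURN validates": recompute the MAC and compare in constant time.
function turnValidates(username, realm, messageBytes, receivedMac, nowSeconds) {
  const password = expectedPassword(username, nowSeconds);
  if (password === null) return false;
  const mac = messageIntegrity(longTermKey(username, realm, password), messageBytes);
  return mac.length === receivedMac.length && crypto.timingSafeEqual(mac, receivedMac);
}
```

A credential copied out of the page's JavaScript stops working once its expiry passes, and changing the expiry in the username invalidates the password because the HMAC no longer matches.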