Add trigger authentication via JWKS or similar

[irg1008]

How can we add JWKS authentication to the media server. For example maybe a new trigger called JWKS_AUTH can be triggered on server load, that can then call an jwks endpoint and then for every subsequent trigger call, the jws token can be send through

I don't know, do we currently have any way to add auth to triggers??

Thank you

[Rokamun]

Hello!

We do have a plan of adding better/proper JWT/JWKS support. However you can already use this with the current triggers, it just requires work.
Full support is planned for the next API, which honestly we want done yesterday, but haven't been able to make as much progress on due to higher priority projects.

To do this currently:
This would require creating a (local) application or script that verifies the JWTs and is accessed by MistServer.
If you set this script/application to be called by the USER_NEW trigger it should be able to do all necessary processing.
The advantage of this method is that the token need to only be verified once per session, as MistServer will remember the yes/no answer for the duration of the session.

[irg1008]

Okay, it's kinda what I am doing now by timestamp signing and veryfing the request origin in my server. I will keep this open until something similar exists

[Rokamun]

Yeah, that's fine, hopefully we won't disappoint with the wait time 😄