[Icecast] HTTP authentication

Thomas B. Rücker thomas at ruecker.fi
Sun Sep 15 08:31:05 UTC 2019


Hi,

On 9/14/19 7:39 PM, Mikel Sanz | 20 Comunicación wrote:
> I would like to have a private signal, which can only be tuned by
> whoever has the username and password, and know who is connected. But
> I wish the URL could be delivered with the username and password, to
> open it directly on a player or receiving device...


Sounds like a (bearer) token in combination with URL-auth would be a
more promising thing to look into.

http://icecast.org/docs/icecast-2.4.1/auth.html#url

Basically you pass along a token to the listener software, e.g. like this:

http://stream.example.org/music.opus?token=a0db5c27-f42c-4b81-85db-8a3642aac316

The token can be anything you choose, but you MUST control it. This
means you generate the token e.g. during login to your website and then
render URLs for that user with the token embedded into them.
Then once they arrive at Icecast, it will make a request to your
internal authentication endpoint to verify if the token is valid. If the
answer is that the token is valid, the request is granted. It is then up
to your own systems to enforce a number of concurrent requests or or
limit concurrent requests in some sort of way like originating IP addresses.

You have complete freedom to implement this the way you want. It is up
to you to implement this though, of course.


>
>
> El sáb., 14 sept. 2019 a las 21:33, Marvin Scholz (<epirat07 at gmail.com
> <mailto:epirat07 at gmail.com>>) escribió:
>
>
>
>     On 14 Sep 2019, at 21:09, Mikel Sanz | 20 Comunicación wrote:
>
>     > Hi. I'm trying to set up a mountpoint with authentication
>     type="htpasswd".
>     >
>     > It's correctly set up, but I have problems to listen in some
>     players. In
>     > Winamp, I've tried this URL structure:
>     > http://user:password@server:port/mountpoint.
>     > But in VLC, with same structure, a window is opened requesting
>     that data
>     > every time.
>
>     This is a bug in VLC. Anyway you should avoid to put the username and
>     password in the URL as thats a potential security issue.
>
>     >
>     > In HTML5 players, the same problem.
>     >
>     > How can I play this audio stream with user and password in the URL?
>
>     What exactly is your usecase?
>
>     >
>

Cheers,

TBR





More information about the Icecast mailing list