OAuth Authentication and Identity Validation in SIP Systems

Day 1 | 15:15 | 00:15 | K.3.601 | Jehan Monnier, [email protected]


Note: I'm reworking this at the moment, some things won't work.

The stream isn't available yet! Check back at 15:15.
Get involved in the conversation!Join the chat

User authentication in real-time communication systems using SIP (Session Initiation Protocol) is evolving with the adoption of OAuth 2.0, as outlined in RFC 8898, published by the IETF in 2020. This protocol secures user access through authentication tokens (instead of traditional methods like Digest). This "Single Sign-On" approach allows for the use of a unified identity verification source across the entire information system, and is now being extended to VoIP. In this conference, we will explore how OAuth 2.0 and OpenID Connect are integrated into a modern SIP environment, with a focus on managing and validating access tokens. To illustrate this, we will use our Flexisip server solution.

Key Topics: - OAuth 2.0 and OpenID Connect: Introduction and benefits for authentication in modern SIP systems. - JWT for Authentication: Token signature validation and extracting user identity. - Integration in Flexisip: Demonstration of OAuth-based authentication with Flexisip, and token validation in a SIP environment. - Authorization Management: Controlling requests based on identity information extracted from access tokens.

This conference will provide an overview of how to implement and secure user authentication with OAuth 2.0 and JWT in a SIP server, using Flexisip as a concrete example.