I read the documentation on RTMP authentication. It seems like you can only get this to work by supplying a password for a specific username.
What I want to do:
- Let users supply an username and password in FMLE for streaming
- Only allow streaming to a specific stream name
- Validate the supplied credentials against an external source (REST api)
Is it possible to have access to the supplied username and password later on in the application? So that I can validate that a user is allowed to stream a specific stream name? Because then I could use a two-step authentication scheme:
Step 1) Validate if credentials are valid
Step 2) When user tries to stream validate if supplied credentials are valid for specified stream name.
Is this possible or should I stick with my current URL Query parameters approach?
You can use WMSProperties in the onConnect handler to attach credentials to IClient object that you can look at later in publish (or play) override or IMediaStreamActionNotify3.onPublish() or .onPlay()
I'm not sure what you mean at this point. At top you had credentials in a querystring, which you can grab in onConnect and add to the client instance with WMSProperties, and look at anytime later.
With AuthenticateUsernamePasswordProviderBase you can get the username supplied by the encoder and look up the password. In that case the username and password is sent to Wowza with digest authentication, not in the rtmp connection.