Masui Masanori

[coTurn] Add TURN users into a database

Init

I used to connect to coTurn using a static user.
This time, I will add users to a database file (SQLite).

Add users

I can add users by "turnadmin", but before I can do so, I must modify "turnserver.conf".

The default database file for Ubuntu is located in "/var/lib/turn/turndb".
I have to specify that coTurn reads that database file.

turnserver.conf

...
#
# SQLite database file name.
#
# The default file name is /var/db/turndb or /usr/local/var/db/turndb or
# /var/lib/turn/turndb.
#
userdb=/var/lib/turn/turndb
...

The schema of the coTurn database is here.

To add a user, I use the "turnadmin" command.

sudo turnadmin -a -u username2 -p password2 -r 192.168.XX.YYY --db /var/lib/turn/turndb 

"SQLite connection was closed" ?

After executing the command, the terminal showed these two lines.

0: : SQLite connection was closed.
0: : log file opened: /var/log/turn_41547_2022-09-10.log

Because I thought the command had failed, I searched for how to resolve it.
Finally, I found that these outputs do not represent command success or failure.

So I could check the result with this command.

sqlite3 /var/lib/turn/turndb "SELECT * FROM turnusers_lt"
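
What the hmackey column returned by that query holds, as an added example (not code from the original post): for a long-term user it is the RFC 5389 key MD5(username:realm:password) in hex, so a row can be checked against the credentials that were meant to be set. The realm, the in-memory table and the helper names are constructed for illustration; an ASCII password and the default MD5 key format are assumed.

```python
import hashlib
import hmac
import sqlite3

REALM = "turn.example.test"  # constructed realm; the post's real realm is masked


def long_term_key(username: str, realm: str, password: str) -> str:
    """Hex of MD5(username:realm:password), the STUN/TURN long-term key.

    Assumption: ASCII password, so the SASLprep step of RFC 5389 is a no-op.
    """
    material = f"{username}:{realm}:{password}".encode("utf-8")
    return hashlib.md5(material).hexdigest()


def check_user(db: sqlite3.Connection, username: str, realm: str, password: str) -> bool:
    """True if the stored hmackey matches the key derived from these credentials."""
    row = db.execute(
        "SELECT hmackey FROM turnusers_lt WHERE name = ? AND realm = ?",
        (username, realm),
    ).fetchone()
    if row is None:
        return False  # no such user in this realm
    stored = row[0].strip().lower()
    if stored.startswith("0x"):  # tolerate a key pasted in 0x... form
        stored = stored[2:]
    return hmac.compare_digest(stored, long_term_key(username, realm, password))


def build_sample_db() -> sqlite3.Connection:
    """Constructed stand-in for turndb with the turnusers_lt columns."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE turnusers_lt (realm varchar(127) default '', "
        "name varchar(512), hmackey char(128), PRIMARY KEY (realm, name))"
    )
    db.execute(
        "INSERT INTO turnusers_lt (realm, name, hmackey) VALUES (?, ?, ?)",
        (REALM, "username2", long_term_key("username2", REALM, "password2")),
    )
    return db


if __name__ == "__main__":
    db = build_sample_db()
    print("stored key :", db.execute("SELECT hmackey FROM turnusers_lt").fetchone()[0])
    print("matches    :", check_user(db, "username2", REALM, "password2"))
    print("wrong realm:", check_user(db, "username2", "other.example.test", "password2"))
```

The key is all a client needs to authenticate to TURN as that user, so the database file should be readable only by the account coTurn runs as. A realm mismatch between the "-r" value and the server's realm produces a different key and therefore a failed login.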

Now I can connect with coTurn using the user.

webrtc.controller.ts

...
        this.peerConnection = new RTCPeerConnection({
            iceServers: [{
                urls: "turn:local-turn.jp:443",
                username: "username2",
                credential: "password2",
            }],
            // Use only relay (TURN) candidates.
            iceTransportPolicy: "relay"
        });
...

OAuth (Failed)

I also tried using OAuth to connect to coTurn.
This time, I decided to add authorization server functionality to my web application.

First I enabled OAuth in my coTurn config file.

turnserver.conf

...
# Server name used for
# the oAuth authentication purposes.
# The default value is the realm name.
#
server-name=localhost:4444

# Flag that allows oAuth authentication.
#
oauth
...

And I added an OAuth key into the database.

sqlite3 /var/lib/turn/turndb "INSERT INTO oauth_key (kid,ikm_key,timestamp,lifetime,as_rs_alg,realm) values('north','MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEK',0,0,'A256GCM','192.168.XX.YYY')"

But I couldn't find how to use the OAuth key from JavaScript.

I couldn't write it like this post, because "credential" must be a string value and "credentialType" must be "password".
And I couldn't omit the "username" and "credential".

Because TURN has a specification to use third-party authorization, I will continue to look for solutions.
