Restcomm in an OAuth environment

Post on 13-Apr-2017


Restcomm turns OAuth!

author: Orestis Tsakiridis

What is it all about ?

Restcomm authentication & authorization implementation and workflows change.

Use of standardized OAuth 2.0 and OpenID Connect 1.0 protocols.

Traditional password authentication stays but only for compatibility with Restcomm REST API.

JBoss Keycloak implementation.

The protocols

OAuth 2.0

OpenID Connect 1.0

Restcomm Identity Architecture

What’s new ?

Instance bootstrapping needed

Instance registration

User migration

Two paths available


Administration Console (AdminUI)

Accounts & Users

Introduced User concept

Account-to-User linking

Dual authorization

Profile UI

Instance registration - I

Instance registration - II



Three options available

1. Restcomm / cloud authorization server

quickly get up’n’running

use of central user repository, integration with Application Store ootb

2. Restcomm / own authorization server

keep user accounts

works offline

needs auth server setup

3. Headless Restcomm

no auth server needed, no OAuth protocol support

REST API available

no UI offered (forget about AdminUI and RVD)

authorization still in place through locally stored Account tokens


SSO user experience

Administration console


Application Store [...]

Third party applications [...]


Credentials only sent to authorization server

External identity providers - extendable architecture

Use existing social networks like Twitter, Google or Facebook

Implement your own provider using SAML 2.0 or OpenID Connect 1.0 protocols and use existing user database

Expose Restcomm API in an OAuth-ish way

Third-party developers can easily build service-oriented applications that use Restcomm API

Authorization using tokens, not actual credentials


More complex workflows and topology

For deployment option 2

More resources: +1 machine for auth server

Additional setup needed

Where do we stand ?

OAuth workflows implemented and supported for Restcomm applications (REST API, RVD, AdminUI) ✔

Dual authorization ✔

Account linking ✔

Automatic migration from older versions - Almost there

What comes next ?

Support for all deployment options (1,2,3)

Official Restcomm release using OAuth-enabled codebase (2016 Q1)

Better RAS integration. Authentication on official Restcomm authorization server.

External identity provider support. Social networks, Google, Facebook, Custom etc.

Questions ?

Thank you!

Orestis Tsakiridis