Date: Tue, 23 Jun 2026 17:27:11 +0200
Message-ID: <87se6dxoog.wl-jch@irif.fr>
From: Juliusz Chroboczek
To: galene@lists.galene.org
Subject: [Galene] Bearer tokens in the administrative API

I've just pushed code to authenticate using bearer tokens in the administrative API. This touches a lot of the auth code, albeit in minor ways; I've tried to be careful, and hopefully didn't introduce any security flaws.

Assuming you've got galenectl configured, create a global admin token:

    galenectl -insecure create-token -group "" -include-subgroups -permissions admin

Now edit your galenectl.json file: remove the "admin-password" field, and replace it with an "admin-token" field that contains the newly generated token.

While in principle the code supports cryptographic tokens (JWTs), in practice it won't work with them, since there are no global keys yet. I'm not quite sure where to store global keys: in the config file? In a separate JWK file? In the first place: what are the use cases for global stateless tokens?

-- Juliusz
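
An added example, not part of the original message and not Galene's own code: one way to script the galenectl.json edit described in the message, so the password is dropped and the token-bearing file ends up readable by its owner only. The path is supplied by the caller, and the field "example-field" and all values in the demo are constructed.

```python
import json
import os
import stat
import tempfile


def switch_to_token(config_path, token):
    """Swap "admin-password" for "admin-token"; return True if a password was removed."""
    if not token or token != token.strip():
        raise ValueError("token is empty or has surrounding whitespace")
    with open(config_path, encoding="utf-8") as f:
        config = json.load(f)
    if not isinstance(config, dict):
        raise ValueError("expected a JSON object at top level")

    # Remove the password so the file never holds both credentials.
    had_password = config.pop("admin-password", None) is not None
    config["admin-token"] = token

    # Write a temporary file beside the original, then rename over it, so a crash
    # cannot leave a truncated config. mkstemp creates the file with mode 0600.
    directory = os.path.dirname(os.path.abspath(config_path))
    fd, tmp_path = tempfile.mkstemp(dir=directory, prefix=".galenectl-")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as f:
            json.dump(config, f, indent=4)
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp_path, config_path)
    except BaseException:
        if os.path.exists(tmp_path):
            os.unlink(tmp_path)
        raise
    return had_password


def is_private(config_path):
    """True if group and others have no access to the file (POSIX modes)."""
    mode = stat.S_IMODE(os.stat(config_path).st_mode)
    return mode & (stat.S_IRWXG | stat.S_IRWXO) == 0


if __name__ == "__main__":
    # Constructed sample; "example-field" and both credential values are made up.
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "galenectl.json")
        with open(path, "w", encoding="utf-8") as f:
            json.dump({"example-field": "x", "admin-password": "constructed"}, f)
        print(switch_to_token(path, "constructed-token-value"), is_private(path))
```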