Galène videoconferencing server discussion list archives
 help / color / mirror / Atom feed
From: Jeroen van Veen <>
To: Juliusz Chroboczek <>
Cc: "" <>
Subject: [Galene] Re: Config branch [was: User management]
Date: Fri, 29 Oct 2021 09:10:28 +0000	[thread overview]
Message-ID: <> (raw)
In-Reply-To: <>

Hi Juliusz,

I checked your config branch and the new multiple admins feature.
Nice feature! It allows me to directly map the admin privilege
in Pyrite's users.json to a Galene admin, so multiple users can directly
access an endpoint like stats.json. It may be possible to use the single
admin user in Pyrite's Node.js service to proxy the request, but it's
better to have this directly in Galene I think(less dependencies).

How would JWT authentication impact the storage of credentials in Galene? I encountered
JWT authentication recently and noticed it contains user information payload. Would that
impact where the user's credentials may be stored? For instance, would Galene call a
configurable HTTP endpoint that will do the authentication and return a JWT?
What user information will be stored by Galene? The JWT? I don't have
a solid understanding of how that's supposed to work yet. Would it make sense to
have user deduplication with the current file/authentication scheme like this?

    {"id": "3930b479-e669-432c-b163-8a3c79475820", "username": "root", "password": "secret"},
    {"id": "b0fba23a-4441-47dc-97ca-545a5b6b9142", "username": "foo", "password": "bar"}

    "admin": [

    "op": ["3930b479-e669-432c-b163-8a3c79475820"],
    "presenter": ["b0fba23a-4441-47dc-97ca-545a5b6b9142"]

One last thing; in case a central users.json makes sense; would it be helpful to allow
Galene to permit unknown fields, to be able to store additional arbitrary user
information? e.g.

    {"id": "3930b479-e669-432c-b163-8a3c79475820", "username": "root", "password": "secret", "profile": {"email": ""}},
    {"id": "b0fba23a-4441-47dc-97ca-545a5b6b9142", "username": "foo", "password": "bar", "profile": {"email": ""}}

Kind regards,


‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐

Op dinsdag 26 oktober 2021 om 9:02 PM schreef Juliusz Chroboczek <>:

> Jeroen,
> I've just pushed a new branch
> git checkout -b config
> which implements a global configuration file and removes the data/passwd
> file. Please review, and let me know what you think.
> (I'm going to use the global config file to hold shared secrets and public
> keys as I implement third party authentication with JWTs, so while it's
> not overly urgent, please do review, since we'll be stuck with it once
> people start developing auth servers for Galene.)
> -- Juliusz

  parent reply	other threads:[~2021-10-29  9:10 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-09-28 18:29 [Galene] User management Jeroen van Veen
2021-10-01 11:55 ` [Galene] " Juliusz Chroboczek
2021-10-01 14:05   ` Dave Taht
2021-10-01 14:20     ` [Galene] End-to-end encryption [was: User management] Juliusz Chroboczek
2021-10-01 14:38       ` [Galene] Re: End-to-end encryption Michael Ströder
2021-10-01 15:24       ` [Galene] Re: End-to-end encryption [was: User management] Dave Taht
2021-10-03 19:15   ` [Galene] Re: User management Jeroen van Veen
2021-10-26 19:02     ` [Galene] Config branch [was: User management] Juliusz Chroboczek
2021-10-27 18:23       ` [Galene] " Jeroen van Veen
2021-10-29  9:10       ` Jeroen van Veen [this message]
2021-10-29 17:52         ` Juliusz Chroboczek
2021-10-30  8:22           ` Jeroen van Veen
2021-10-01 14:43 ` [Galene] Re: User management Dernat Rémy
2021-10-03 19:15   ` Jeroen van Veen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

  List information:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='' \ \ \ \
    --subject='[Galene] Re: Config branch [was: User management]' \

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox