Init

I used to connect to coTurn using a static user.
I will add user into a Database file(SQLite) in this time.

• [Xubuntu22.04] Try coTurn for WebRTC 1
• Run coTurn behind Nginx

Add users

I can add users by "turnadmin", but before I can do so, I must modify "turnserver.conf".

The default database file for Ubuntu is located in "/var/lib/turn/turndb".
I have to specify that coTurn reads that database file.

turnserver.conf

...## SQLite database file name.## The default file name is /var/db/turndb or /usr/local/var/db/turndb or# /var/lib/turn/turndb.#userdb=/var/lib/turn/turndb...

The schema of the coTurn database is here.

• schema.sql - coturn - GitHub

To add a user, I use "turnadmin" command.

sudo turnadmin -a -u username2 -p password2 -r 192.168.XX.YYY --db /var/lib/turn/turndb

• -a: Add or update a long-term user
• -u: User name
• -p: Password
• -r: Realm

• --db: the database file path

• coturn/README.turnadmin - GitHub

"SQLite connection was closed" ?

After executing the command, the terminal showed these two lines.

0: : SQLite connection was closed.0: : log file opened: /var/log/turn_41547_2022-09-10.log

Because I thought the command was failed, I searched how to resolve it.
Finally I found that these outputs do not represent command success or failure.

So I could get result by this command.

sqlite3 /var/lib/turn/turndb "SELECT * FROM turnusers_lt"

Now I can connect with coTurn using the user.

webrtc.controller.ts

...this.peerConnection=newRTCPeerConnection({iceServers:[{urls:"turn:local-turn.jp:443",username:"username2",credential:"password2",}],// Force using STUN or TURN servers.iceTransportPolicy:"relay"});...

OAuth (Failed)

I also tried using OAuth to connect coTurn.
This time, I decided to add Authorize server functionality to my web application.

First I enabled OAuth in my coTurn config file.

turnserver.conf

...# Server name used for# the oAuth authentication purposes.# The default value is the realm name.#server-name=localhost:4444# Flag that allows oAuth authentication.#oauth...

And I added an OAuth key into the database.

sqlite3 /var/lib/turn/turndb "INSERT INTO oauth_key (kid,ikm_key,timestamp,lifetime,as_rs_alg,realm) values('north','MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEK',0,0,'A256GCM','192.168.XX.YYY')"

But I couldn't find how to use OAuth key from JavaScript.

I couldn't write like this post, because "credential" must be a string value and "credentialType" must be "password".
And I couldn't omit the "username" and "credential".

• How to setup coturn for oauth authentication - StackOverflow

Because TURN has a specification to use third-party authorization, I will continue to look for solutions.

• RFC7635 - Session Traversal Utilities for NAT (STUN) Extension for Third-Party Authorization