check_stun_auth: Cannot find credentials of user


Boris

Sep 7, 2017, 12:20:21 AM
to TURN Server (Open-Source project)
Hello,
I found a number of discussions regarding "Cannot find credentials of user" when enabling "static-auth-secret" and tried different options, but I still cannot resolve the problem.

The error that I see in log: 
check_stun_auth: Cannot find credentials of user <1504755388:user>
(I am using 'user' as my user name)

I use trickle-ice page to gather candidates but I only see host and srflx candidates gathered.
The console output at client side:

Creating new PeerConnection with config={"iceServers":[{"urls":["turn:xxxxxx.com:8443"],"username":"1504755388:user","credential":"QjCHZsM6RL9LpMCL6jMIqbYxbC8="}],"iceTransportPolicy":"all","rtcpMuxPolicy":"negotiate","iceCandidatePoolSize":"0"}, constraints={"optional":[{"googIPv6":false}]}


My understanding is that no user needs to be added to the database when the static authentication secret is used.

What am I missing?
My config file has:

lt-cred-mech

use-auth-secret

static-auth-secret=secret


Thanks a lot
Boris

Boris

Sep 7, 2017, 1:04:12 AM
to TURN Server (Open-Source project)
Just wanted to add that I tested, using https://www.freeformatter.com/hmac-generator.html, that HMAC/SHA1 was calculated correctly.

shakeeb

Sep 7, 2017, 11:31:02 PM
to TURN Server (Open-Source project)
Hi Boris,

I have also checked your HMAC/SHA1. It is calculated correctly. I checked HMAC/SHA1 using the following Node.js code:

var crypto = require('crypto');

function getTURNCredentials(name, secret){
  // var unixTimeStamp = parseInt(Date.now()/1000) + 24*3600,   // this credential would be valid for the next 24 hours
  // Fixed timestamp, the same value as in the username from the question
  var unixTimeStamp = 1504755388,
      username = [unixTimeStamp, name].join(':'),
      password,
      hmac = crypto.createHmac('sha1', secret);
  // password = base64(HMAC-SHA1(secret, username))
  hmac.setEncoding('base64');
  hmac.write(username);
  hmac.end();
  password = hmac.read();
  return {
    username: username,
    password: password
  };
}

var user = getTURNCredentials("user", "secret");
console.log(user.username + "  " + user.password);
   
Your configuration for PeerConnection is also fine. 

I think you have configured the server properly to use the "TURN REST API", as you have configured the mandatory config options to use the "TURN REST API":

lt-cred-mech
use-auth-secret
static-auth-secret
   
>>My understanding is that no user needs to be added to the database when the static authentication secret is used.

You are right. You don't need the database at all when using these configurations. 

I think you are not giving a proper timestamp while creating users. Please generate the timestamp with a long enough validation period. You should generate the timestamp on the server's instance, so that both server and client are using the same time, or on any other instance whose time is the same as the server instance. If it is not solved by using a proper timestamp, then please attach your configuration file and the server's log for more investigation.

Thanks,
Shakeeb

Boris

Sep 8, 2017, 12:30:16 AM
to TURN Server (Open-Source project)
Dear Shakeeb,

Thanks a lot. I followed your advice and moved the time stamp 24 hours ahead. It helped and I got relay candidates allocated.

Very much appreciated!

Boris