FAForever/faf-icebreaker

Introduce icebreaker specific (long living) session tokens

Closed this issue · 0 comments

Problem

The ICE adapter should be able to fetch the list of ICE/Coturn servers on its own from icebreaker without receiving them from an external source.
This requires the OAuth2 access token to be passed to the ICE adapter. However, our OAuth2 access tokens are (intentionally) short-lived, with a maximum of 1 hour, and a passed token might already be close to its expiration. But ICE sessions might last much longer than that, either in the case of long lobby sims or long-running games with reconnecting situations.

Solution

The endpoint /game/{gameId} needs to also return a freshly generated user and game specific session token.
This should be an HMAC with user id + game id + timestamp as a JWT.

All endpoints that check for valid access tokens should allow using session tokens too.
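
A sketch of the session token described above, as an added example that is not part of the original issue or faf-icebreaker's own code: an HS256 (HMAC-SHA256) JWT carrying user id, game id and issue timestamp, plus the check an endpoint would run on it. The claim names, the `exp` claim, the 12-hour lifetime and the secret are assumptions.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # assumption: server-side key, never sent to clients
SESSION_TTL = 12 * 3600              # assumption: the issue does not state a lifetime

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input):
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def issue_session_token(user_id, game_id, now=None):
    """Build the user- and game-specific token returned alongside /game/{gameId}."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    # Claim names are assumptions; the issue only names user id, game id, timestamp.
    claims = {"sub": str(user_id), "gameId": game_id, "iat": now, "exp": now + SESSION_TTL}
    parts = [b64url(json.dumps(p, separators=(",", ":")).encode()) for p in (header, claims)]
    signing_input = ".".join(parts)
    return f"{signing_input}.{b64url(sign(signing_input))}"

def verify_session_token(token, game_id, now=None):
    """Return the claims if the token is authentic, unexpired and bound to game_id."""
    now = int(time.time()) if now is None else now
    try:
        head_b64, claims_b64, sig_b64 = token.split(".")
        # Pin the algorithm: never let the token's own header choose how it is verified.
        if json.loads(b64url_decode(head_b64)).get("alg") != "HS256":
            return None
        expected = sign(f"{head_b64}.{claims_b64}")
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):  # constant-time
            return None
        claims = json.loads(b64url_decode(claims_b64))
        if claims["gameId"] != game_id or now >= claims["exp"]:
            return None
        return claims
    except (ValueError, KeyError, TypeError, AttributeError):
        return None  # malformed token: reject without revealing why
```

Binding the token to one game id keeps a leaked session token from being replayed against any other game's endpoints, which matters more here than for the 1-hour access token because the session token lives longer.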