I need to make a video chat. In order to make it work I need a STUN/TURN server. The problem is that I have no idea how to make secure authorization in them. I use coturn, but even if I connect a database, it would be very painful to add users to the system and manage passwords. I would like to use coturn along with passport.js inside Node.js to allow only users who are logged in, but I can't even imagine how that would be possible.
Anyway, how does this work in services like Zoom? This security hole in the form of an accessible STUN/TURN server is keeping me busy.
The generally accepted solution for this is time-limited credentials as described in https://datatracker.ietf.org/doc/html/draft-uberti-behave-turn-rest-00, combined with monitoring of your TURN servers to assert that the users the credentials were given to are not abusing them (for some definition of that).
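
The time-limited credential scheme from the linked draft, sketched for Node.js as an added example (not part of the original answer): the web app hands out a username of the form `expiry:userId` and a password of `base64(HMAC-SHA1(secret, username))` to logged-in users only. Assumptions: the secret matches coturn's `static-auth-secret` with `use-auth-secret` enabled; the function names, the secret value and the `verifyTurnCredentials` model of the server-side check are hypothetical.

```javascript
const crypto = require('crypto');

// Assumption: same value as static-auth-secret in turnserver.conf.
// Constructed demo value; load the real one from configuration, never ship it to clients.
const TURN_SECRET = 'constructed-demo-secret';

// Call this only from a route that already requires a logged-in session
// (for example after passport.js has populated req.user).
// Returns short-lived credentials for the browser's RTCPeerConnection iceServers entry.
function issueTurnCredentials(userId, ttlSeconds, nowSeconds = Math.floor(Date.now() / 1000)) {
  // Username = "<unix expiry>:<user id>". The user id part is what lets
  // TURN-side monitoring attribute relay usage to an account.
  const username = `${nowSeconds + ttlSeconds}:${userId}`;
  const password = crypto
    .createHmac('sha1', TURN_SECRET)
    .update(username)
    .digest('base64');
  return { username, password, ttl: ttlSeconds };
}

// Simplified model of the TURN server's side of the scheme. A real server
// never receives the password; it recomputes it from the username and uses
// it as the long-term credential key. The decision is the same: reject
// expired usernames and anything not derived from the shared secret.
function verifyTurnCredentials(username, password, nowSeconds = Math.floor(Date.now() / 1000)) {
  const expiry = Number.parseInt(String(username).split(':')[0], 10);
  if (!Number.isFinite(expiry) || expiry < nowSeconds) return false;
  const expected = crypto.createHmac('sha1', TURN_SECRET).update(username).digest();
  const given = Buffer.from(String(password), 'base64');
  // Constant-time comparison; lengths must match before timingSafeEqual.
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}

// Constructed sample: credentials for user "alice", valid for 10 minutes.
const sample = issueTurnCredentials('alice', 600, 1700000000);
console.log(sample.username, verifyTurnCredentials(sample.username, sample.password, 1700000300));
```

No per-user records are needed on the TURN server: the expiry is enforced from the username itself, and changing the shared secret invalidates all outstanding credentials.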