I am setting up a webRTC environment with janus and coturn. Even though STUN is a very lightweight protocol I would like to authenticate it if possible, and according to the STUN specifications that is the case.
Coturn also supports authentication for both STUN and TURN, I am using it with the --use-auth-secret and --secure-stun flags.
I can verify that the authentication works perfectly using the username and credential flags for the TURN configuration in iceServers, but for STUN it just won't do anything.
It was hard enough to get reliable information about the ICE exchange because I cannot find useful information in chrome://webrtc-internals and onicestatechange etc. but with WireShark I was able to inspect the STUN requests themselves and it turns out that Chrome completely ignores the username and credential fields for stun:... servers.
EDIT: I realized now that this is documented on MDN.
It also seems like Chrome doesn't support the DTLS-secured stuns:... protocol and turns:... only as TLS/via TCP transports.
Are there plans to support these features? Where can I find them or why not? The supported features (only stun auth...) seem very arbitrary to me.
