[Freeswitch-users] JSON Web Tokens
Michael Jerris
mike at jerris.com
Wed May 4 00:26:49 MSD 2016
This is incorrect.. as I said you can handle the login via a dynamic directory lookup. There is no reason or need to do anything like dynamically changing the password.
> On May 3, 2016, at 4:08 PM, Gregor Nanger <gregor at infomedia.si> wrote:
>
> Well, somwhere you have to pass username an password in client when calling login procedure in javascript. And if it is in client side, then user can see it, either by monitoring network in browser or see source code of page. In voip phone, password is hidden in password textbox for example and it is not easy accessible as from Web client. Hope you understand what I mean.
>
> Maybe as Michael said. If you put token as loginparam, but still there is no way in xml_curl to say, oh you are verto user with this token and token is ok, so you are logged in, although you didn't send password from client side.
>
> The best what I think of is to automatically change password on some period and client should retrieve it when login expire. This way you can use it like token. Real authorization is anyway first on your Web app.
>
> Please correct me if I'm wrong, but from Fs side, login procedure is same for sip client or verto client?
>
> Best regards, Gregor
>
>
> On Tue, May 3, 2016, 20:17 Michael Jerris <mike at jerris.com <mailto:mike at jerris.com>> wrote:
> You may have to pass it in loginParams but i think it should be possible from looking at the code. Double check what all you get in the code.
>
>> On May 3, 2016, at 1:25 PM, Colin Morelli <colin.morelli at gmail.com <mailto:colin.morelli at gmail.com>> wrote:
>>
>> Michael,
>>
>> Is that actually possible? I have an application using mod_xml_curl but FS doesn't send passwords as part of the directory request (as far as I can tell). I actually wanted to do something very similar to this.
>>
>> Colin
>>
>> On Tue, May 3, 2016 at 1:07 PM Tristan Mahé <gled at remote-shell.net <mailto:gled at remote-shell.net>> wrote:
>> Hi,
>>
>> AFAIK, there is no module handling JWT at the moment, but you can do
>> pretty much anything you can think of using lua, or any other langage
>> supported by freeswitch.
>>
>> Best,
>>
>> Tristan.
>>
>> On 05/03/2016 07:12 AM, Oivvio Polite wrote:
>> > Can FreeSwitch handle JSON Web Tokens natively or be made to handle JWT
>> > through one of the available scripting languages?
>> >
>> > Oivvio
>> >
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20160503/10f08ce8/attachment.html
Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users
mailing list