[Freeswitch-users] JSON Web Tokens
Gregor Nanger
gregor at infomedia.si
Wed May 4 01:01:14 MSD 2016
Sorry, Michael, if I do not understand whole registration process, but
would realy like to understand.
I am working with verto and xml_curl and when registering, I need to return
xml formated response with password in xml_curl. I guess that freeswitch
then compare what client sent and what it gets from xml_curl. Am I right?
Colin, either if you get token (you can send it as username for example) it
wouldn't help you, because you can't confirm in xml_curl if user is
verified or not. You can only send back user details with passwords as what
is expected from xml_curl. Am I right?
2016-05-03 22:31 GMT+02:00 Colin Morelli <colin.morelli at gmail.com>:
> Michael can you provide an example of how you'd get the password portion
> (or the token) to a process via xml curl?
>
> I haven't been able to figure it out
>
> Thanks in advance
> On Tue, May 3, 2016 at 4:29 PM Michael Jerris <mike at jerris.com> wrote:
>
>> This is incorrect.. as I said you can handle the login via a dynamic
>> directory lookup. There is no reason or need to do anything like
>> dynamically changing the password.
>>
>> On May 3, 2016, at 4:08 PM, Gregor Nanger <gregor at infomedia.si> wrote:
>>
>> Well, somwhere you have to pass username an password in client when
>> calling login procedure in javascript. And if it is in client side, then
>> user can see it, either by monitoring network in browser or see source code
>> of page. In voip phone, password is hidden in password textbox for example
>> and it is not easy accessible as from Web client. Hope you understand what
>> I mean.
>>
>> Maybe as Michael said. If you put token as loginparam, but still there is
>> no way in xml_curl to say, oh you are verto user with this token and token
>> is ok, so you are logged in, although you didn't send password from client
>> side.
>>
>> The best what I think of is to automatically change password on some
>> period and client should retrieve it when login expire. This way you can
>> use it like token. Real authorization is anyway first on your Web app.
>>
>> Please correct me if I'm wrong, but from Fs side, login procedure is same
>> for sip client or verto client?
>>
>> Best regards, Gregor
>>
>> On Tue, May 3, 2016, 20:17 Michael Jerris <mike at jerris.com> wrote:
>>
>>> You may have to pass it in loginParams but i think it should be
>>> possible from looking at the code. Double check what all you get in the
>>> code.
>>>
>>> On May 3, 2016, at 1:25 PM, Colin Morelli <colin.morelli at gmail.com>
>>> wrote:
>>>
>>> Michael,
>>>
>>> Is that actually possible? I have an application using mod_xml_curl but
>>> FS doesn't send passwords as part of the directory request (as far as I can
>>> tell). I actually wanted to do something very similar to this.
>>>
>>> Colin
>>>
>>> On Tue, May 3, 2016 at 1:07 PM Tristan Mahé <gled at remote-shell.net>
>>> wrote:
>>>
>>>> Hi,
>>>>
>>>> AFAIK, there is no module handling JWT at the moment, but you can do
>>>> pretty much anything you can think of using lua, or any other langage
>>>> supported by freeswitch.
>>>>
>>>> Best,
>>>>
>>>> Tristan.
>>>>
>>>> On 05/03/2016 07:12 AM, Oivvio Polite wrote:
>>>> > Can FreeSwitch handle JSON Web Tokens natively or be made to handle
>>>> JWT
>>>> > through one of the available scripting languages?
>>>> >
>>>> > Oivvio
>>>> >
>>>
>>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> http://www.freeswitchsolutions.com
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://confluence.freeswitch.org
>> http://www.cluecon.com
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
--
Gregor Nanger
*CTO*
t./f.: 00386 (0) 7 6000 308/309 • m:. 00386 (0)41 756485
• Infomedia d.o.o. • Jerebova 3, Novo mesto, Slovenia
• www.infomedia.si
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20160503/63c4d435/attachment.html
Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users
mailing list