[Freeswitch-users] JSON Web Tokens

Colin Morelli colin.morelli at gmail.com
Wed May 4 01:48:02 MSD 2016


Got it. The part that I missed was loginParams from verto. I'm not using
verto in my case (actually using PJSIP). However yes, I could include
custom headers in the register request to make this work. I was just hoping
for something that would work in the password.

Thanks,
Colin

On Tue, May 3, 2016 at 5:44 PM Michael Jerris <mike at jerris.com> wrote:

> Any mod_xml_curl user directory lookup example would do.
>
> On May 3, 2016, at 4:31 PM, Colin Morelli <colin.morelli at gmail.com> wrote:
>
> Michael can you provide an example of how you'd get the password portion
> (or the token) to a process via xml curl?
>
> I haven't been able to figure it out
>
> Thanks in advance
> On Tue, May 3, 2016 at 4:29 PM Michael Jerris <mike at jerris.com> wrote:
>
>> This is incorrect.. as I said you can handle the login via a dynamic
>> directory lookup.  There is no reason or need to do anything like
>> dynamically changing the password.
>>
>> On May 3, 2016, at 4:08 PM, Gregor Nanger <gregor at infomedia.si> wrote:
>>
>> Well, somwhere you have to pass username an password in client when
>> calling login procedure in javascript. And if it is in client side, then
>> user can see it, either by monitoring network in browser or see source code
>> of page. In voip phone,  password is hidden in password textbox for example
>> and it is not easy accessible as from Web client. Hope you understand what
>> I mean.
>>
>> Maybe as Michael said. If you put token as loginparam, but still there is
>> no way in xml_curl to say, oh you are verto user with this token and token
>> is ok, so you are logged in, although you didn't send password from client
>> side.
>>
>> The best what I think of is to automatically change password on some
>> period and client should retrieve it when login expire. This way you can
>> use it like token. Real authorization is anyway first on your Web app.
>>
>> Please correct me if I'm wrong, but from Fs side, login procedure is same
>> for sip client or verto client?
>>
>> Best regards, Gregor
>>
>> On Tue, May 3, 2016, 20:17 Michael Jerris <mike at jerris.com> wrote:
>>
>>> You may have to pass it in loginParams  but i think it should be
>>> possible from looking at the code.  Double check what all you get in the
>>> code.
>>>
>>> On May 3, 2016, at 1:25 PM, Colin Morelli <colin.morelli at gmail.com>
>>> wrote:
>>>
>>> Michael,
>>>
>>> Is that actually possible? I have an application using mod_xml_curl but
>>> FS doesn't send passwords as part of the directory request (as far as I can
>>> tell). I actually wanted to do something very similar to this.
>>>
>>> Colin
>>>
>>> On Tue, May 3, 2016 at 1:07 PM Tristan Mahé <gled at remote-shell.net>
>>> wrote:
>>>
>>>> Hi,
>>>>
>>>> AFAIK, there is no module handling JWT at the moment, but you can do
>>>> pretty much anything you can think of using lua, or any other langage
>>>> supported by freeswitch.
>>>>
>>>> Best,
>>>>
>>>> Tristan.
>>>>
>>>> On 05/03/2016 07:12 AM, Oivvio Polite wrote:
>>>> > Can FreeSwitch handle JSON Web Tokens natively or be made to handle
>>>> JWT
>>>> > through one of the available scripting languages?
>>>> >
>>>> > Oivvio
>>>> >
>>>
>>>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20160503/96edc7ea/attachment-0001.html 


Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users mailing list