<html><head><meta http-equiv="Content-Type" content="text/html charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">U/P are not sent over html (not even sure what that means).. they are sent over secure websockets. They are then validated against the user directory. You could implement this by instead of sending u/p, sending your token, then using mod_xml_curl to do a user lookup, and in your web application validating the token. This could be made to work without any changes to FreeSWITCH. To do this you would take the token that you pass in the "passwd" field from javascript (that would be the JWT token) and when you authorize the user, you would pass back the same value in the "password" param<div class=""><br class=""></div><div class=""><br class=""><div><blockquote type="cite" class=""><div class="">On May 3, 2016, at 11:16 AM, Gregor Nanger <<a href="mailto:gregor@infomedia.si" class="">gregor@infomedia.si</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><p dir="ltr" class="">This feature would be great regarding webrtc or verto. Otherwise, user and password must be embed or sent in html. </p>
<br class=""><div class="gmail_quote"><div dir="ltr" class="">On Tue, May 3, 2016, 17:07 Oivvio Polite <<a href="mailto:mylists@polite.se" class="">mylists@polite.se</a>> wrote:<br class=""></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br class=""><br class=""><div class="gmail_quote"><div dir="ltr" class="">On Tue, May 3, 2016, 16:41 Michael Jerris <<a href="mailto:mike@jerris.com" target="_blank" class="">mike@jerris.com</a>> wrote:<br class=""></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">use for what exactly?</blockquote></div><div class=""><br class=""></div><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> </blockquote></div><div class="">So that I can do authorization somewhere else and just give the user a token that FS can verify without having to stay in sync with some central user repository. All of this is in a WebRTC context.</div><div class=""><br class=""></div><div class="">Oivvio</div></blockquote></div></div></blockquote></div><br class=""></div></body></html>