[Freeswitch-users] JSON Web Tokens

[Michael Jerris]

U/P are not sent over html (not even sure what that means).. they are sent over secure websockets.  They are then validated against the user directory.  You could implement this by instead of sending u/p, sending your token, then using mod_xml_curl to do a user lookup, and in your web application validating the token.  This could be made to work without any changes to FreeSWITCH.  To do this you would take the token that you pass in the "passwd" field from javascript (that would be the JWT token) and when you authorize the user, you would pass back the same value in the "password" param


> On May 3, 2016, at 11:16 AM, Gregor Nanger <gregor at infomedia.si> wrote:
> 
> This feature would be great regarding webrtc or verto. Otherwise, user and password must be embed or sent in html.
> 
> 
> On Tue, May 3, 2016, 17:07 Oivvio Polite <mylists at polite.se <mailto:mylists at polite.se>> wrote:
> 
> 
> On Tue, May 3, 2016, 16:41 Michael Jerris <mike at jerris.com <mailto:mike at jerris.com>> wrote:
> use for what exactly?
> 
> So that I can do authorization somewhere else and just give the user a token that FS can verify without having to stay in sync with some central user repository. All of this is in a WebRTC context.
> 
> Oivvio

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20160503/d396e1ed/attachment.html