[Freeswitch-users] JSON Web Tokens
gregor at infomedia.si
Wed May 4 01:01:14 MSD 2016
Sorry, Michael, if I do not understand whole registration process, but
would realy like to understand.
I am working with verto and xml_curl and when registering, I need to return
xml formated response with password in xml_curl. I guess that freeswitch
then compare what client sent and what it gets from xml_curl. Am I right?
Colin, either if you get token (you can send it as username for example) it
wouldn't help you, because you can't confirm in xml_curl if user is
verified or not. You can only send back user details with passwords as what
is expected from xml_curl. Am I right?
2016-05-03 22:31 GMT+02:00 Colin Morelli <colin.morelli at gmail.com>:
> Michael can you provide an example of how you'd get the password portion
> (or the token) to a process via xml curl?
> I haven't been able to figure it out
> Thanks in advance
> On Tue, May 3, 2016 at 4:29 PM Michael Jerris <mike at jerris.com> wrote:
>> This is incorrect.. as I said you can handle the login via a dynamic
>> directory lookup. There is no reason or need to do anything like
>> dynamically changing the password.
>> On May 3, 2016, at 4:08 PM, Gregor Nanger <gregor at infomedia.si> wrote:
>> Well, somwhere you have to pass username an password in client when
>> user can see it, either by monitoring network in browser or see source code
>> of page. In voip phone, password is hidden in password textbox for example
>> and it is not easy accessible as from Web client. Hope you understand what
>> I mean.
>> Maybe as Michael said. If you put token as loginparam, but still there is
>> no way in xml_curl to say, oh you are verto user with this token and token
>> is ok, so you are logged in, although you didn't send password from client
>> The best what I think of is to automatically change password on some
>> period and client should retrieve it when login expire. This way you can
>> use it like token. Real authorization is anyway first on your Web app.
>> Please correct me if I'm wrong, but from Fs side, login procedure is same
>> for sip client or verto client?
>> Best regards, Gregor
>> On Tue, May 3, 2016, 20:17 Michael Jerris <mike at jerris.com> wrote:
>>> You may have to pass it in loginParams but i think it should be
>>> possible from looking at the code. Double check what all you get in the
>>> On May 3, 2016, at 1:25 PM, Colin Morelli <colin.morelli at gmail.com>
>>> Is that actually possible? I have an application using mod_xml_curl but
>>> FS doesn't send passwords as part of the directory request (as far as I can
>>> tell). I actually wanted to do something very similar to this.
>>> On Tue, May 3, 2016 at 1:07 PM Tristan Mahé <gled at remote-shell.net>
>>>> AFAIK, there is no module handling JWT at the moment, but you can do
>>>> pretty much anything you can think of using lua, or any other langage
>>>> supported by freeswitch.
>>>> On 05/03/2016 07:12 AM, Oivvio Polite wrote:
>>>> > Can FreeSwitch handle JSON Web Tokens natively or be made to handle
>>>> > through one of the available scripting languages?
>>>> > Oivvio
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> Official FreeSWITCH Sites
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> Official FreeSWITCH Sites
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
t./f.: 00386 (0) 7 6000 308/309 • m:. 00386 (0)41 756485
• Infomedia d.o.o. • Jerebova 3, Novo mesto, Slovenia
-------------- next part --------------
An HTML attachment was scrubbed...
Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users