[Freeswitch-users] JSON Web Tokens

Michael Jerris mike at jerris.com
Wed May 4 01:43:33 MSD 2016


Freeswitch compares what was passed to verto from the client, with what is returned from the user directory lookup.  That doesn't have to be "a password" ... it just needs to match.  You could hardcode your client to send whatever you want, and to pass the token in loginParams, and if its validated, return the string that will match for the password, if its not valid, return something different.  mod_verto just string compares the two strings.


> On May 3, 2016, at 5:01 PM, Gregor Nanger <gregor at infomedia.si> wrote:
> 
> Sorry, Michael, if I do not understand whole registration process, but would realy like to understand.
> 
> I am working with verto and xml_curl and when registering, I need to return xml formated response with password in xml_curl. I guess that freeswitch then compare what client sent and what it gets from  xml_curl. Am I right?
> 
> Colin, either if you get token (you can send it as username for example) it wouldn't help you, because you can't confirm in xml_curl if user is verified or not. You can only send back user details with passwords as what is expected from xml_curl. Am I right?
> 
> 
> 
> 2016-05-03 22:31 GMT+02:00 Colin Morelli <colin.morelli at gmail.com <mailto:colin.morelli at gmail.com>>:
> Michael can you provide an example of how you'd get the password portion (or the token) to a process via xml curl?
> 
> I haven't been able to figure it out
> 
> Thanks in advance 
> On Tue, May 3, 2016 at 4:29 PM Michael Jerris <mike at jerris.com <mailto:mike at jerris.com>> wrote:
> This is incorrect.. as I said you can handle the login via a dynamic directory lookup.  There is no reason or need to do anything like dynamically changing the password.
> 
>> On May 3, 2016, at 4:08 PM, Gregor Nanger <gregor at infomedia.si <mailto:gregor at infomedia.si>> wrote:
>> 
>> Well, somwhere you have to pass username an password in client when calling login procedure in javascript. And if it is in client side, then user can see it, either by monitoring network in browser or see source code of page. In voip phone,  password is hidden in password textbox for example and it is not easy accessible as from Web client. Hope you understand what I mean.
>> 
>> Maybe as Michael said. If you put token as loginparam, but still there is no way in xml_curl to say, oh you are verto user with this token and token is ok, so you are logged in, although you didn't send password from client side.
>> 
>> The best what I think of is to automatically change password on some period and client should retrieve it when login expire. This way you can use it like token. Real authorization is anyway first on your Web app.
>> 
>> Please correct me if I'm wrong, but from Fs side, login procedure is same for sip client or verto client?
>> 
>> Best regards, Gregor
>> 
>> 
>> On Tue, May 3, 2016, 20:17 Michael Jerris <mike at jerris.com <mailto:mike at jerris.com>> wrote:
>> You may have to pass it in loginParams  but i think it should be possible from looking at the code.  Double check what all you get in the code.
>> 
>>> On May 3, 2016, at 1:25 PM, Colin Morelli <colin.morelli at gmail.com <mailto:colin.morelli at gmail.com>> wrote:
>>> 
>>> Michael,
>>> 
>>> Is that actually possible? I have an application using mod_xml_curl but FS doesn't send passwords as part of the directory request (as far as I can tell). I actually wanted to do something very similar to this.
>>> 
>>> Colin
>>> 
>>> On Tue, May 3, 2016 at 1:07 PM Tristan Mahé <gled at remote-shell.net <mailto:gled at remote-shell.net>> wrote:
>>> Hi,
>>> 
>>> AFAIK, there is no module handling JWT at the moment, but you can do
>>> pretty much anything you can think of using lua, or any other langage
>>> supported by freeswitch.
>>> 
>>> Best,
>>> 
>>> Tristan.
>>> 
>>> On 05/03/2016 07:12 AM, Oivvio Polite wrote:
>>> > Can FreeSwitch handle JSON Web Tokens natively or be made to handle JWT
>>> > through one of the available scripting languages?
>>> >
>>> > Oivvio
>>> >
> 
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org <mailto:consulting at freeswitch.org>
> http://www.freeswitchsolutions.com <http://www.freeswitchsolutions.com/>
> 
> Official FreeSWITCH Sites
> http://www.freeswitch.org <http://www.freeswitch.org/>
> http://confluence.freeswitch.org <http://confluence.freeswitch.org/>
> http://www.cluecon.com <http://www.cluecon.com/>
> 
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org <mailto:FreeSWITCH-users at lists.freeswitch.org>
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users <http://lists.freeswitch.org/mailman/listinfo/freeswitch-users>
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users <http://lists.freeswitch.org/mailman/options/freeswitch-users>
> http://www.freeswitch.org <http://www.freeswitch.org/>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org <mailto:consulting at freeswitch.org>
> http://www.freeswitchsolutions.com <http://www.freeswitchsolutions.com/>
> 
> Official FreeSWITCH Sites
> http://www.freeswitch.org <http://www.freeswitch.org/>
> http://confluence.freeswitch.org <http://confluence.freeswitch.org/>
> http://www.cluecon.com <http://www.cluecon.com/>
> 
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org <mailto:FreeSWITCH-users at lists.freeswitch.org>
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users <http://lists.freeswitch.org/mailman/listinfo/freeswitch-users>
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users <http://lists.freeswitch.org/mailman/options/freeswitch-users>
> http://www.freeswitch.org <http://www.freeswitch.org/>
> 
> 
> 
> -- 
> Gregor Nanger
>  
> CTO
> t./f.: 00386 (0) 7 6000 308/309 • m:. 00386 (0)41 756485 
> • Infomedia d.o.o. • Jerebova 3, Novo mesto, Slovenia 
> • www.infomedia.si <http://www.infomedia.si/>_________________________________________________________________________
> Professional FreeSWITCH Consulting Services: 
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
> 
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
> 
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20160503/3b71e7fc/attachment.html 


Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users mailing list