[feature]: possibility to store authentication "token"

[dberardo-com]

i have noticed then when the browser window is refreshed, the user needs to register again to the open a new websocket. Would it be possible to persist authentication / registration by means of cookies or auth token ?

[vanbui1995]

@dberardo-com whenever you refresh the page the websocket will be closed and the new websocket client need to be created, we can't avoid it.

persist authentication / registration by means of cookies or auth token ?

it depend on your workflow you can decide it on your web application, the package should not implement that.

eg: you can control the username password via any storage like local storage, session storage, in the react, you just need to custom useEffect to make sure the username password persisted in storage will be auto-fill automatically and proceed the register and connect.

[dberardo-com]

thanks for the answer.

it depend on your workflow you can decide it on your web application, the package should not implement that.

i see, sure one can implement a custom procedure to retrieve username and password from a backend server, but my question was whether the standard Sip on Websocket implements also other means of authentication or whether Basic Auth is the only way to go

---

i am asking this because i see some sort of "sessionId" in the sip messages so i was wondering whether it would be enough ot have it perhaps in a signed cookie or so.

[dberardo-com]

it seems this is not possible off the shelf, that is supposedly only possible using a middleware to retrieve secrets ... thats a pity, i thought sip over websockets could have been more security focused than that ...

reference> https://github.com/InnovateAsterisk/Browser-Phone/issues/480#issuecomment-1812813668