Closed tompierce closed 5 years ago
Hello @tompierce thank you for your feedback!
authToken
is used for authentication, and you need to provide it always, no matter if you're providing username and password to connect to a channel or not. Here is the doc on how to generate tokens.
If no username
parameter is set in the parameters object session will try to connect to a channel in anonymous mode. Anonymous users won't be able to start outgoing messages. Anonymous access support is there for ZelloWork channels and will be added to public zello channels soon with an option for channel owners to enable or disable anonymous access to their channels.
Thanks for the prompt response @megamk.
Does the JS SDK support any sort of session refresh? We are trying to avoid having to store Zello credentials, as this poses an increased security risk. Are there plans to add OAuth, or similar, support? Then we could authenticate once, and use a revokable token for future authentications.
We're starting work on a basic integration using the JS SDK. Could you confirm that this is the expected login flow:
Client app retrieves an authToken from our server (JWT, signed with the private key generated by the Zello Work admin panel)
Client app prompts user for username, password, channel name
Client app starts a session by creating a ZCC.Session with the auth_token
, username
, password
, channel
parameters.
If the client app loses connection, we need to create a new session and provide the same parameters: auth_token
, username
, password
, channel
.
Could we store the username and password in the JWT payload of the auth_token
? That would allow us to just store the token, which has the benefits of being expirable and encrypted.
Hi Guys, Thanks for the quick turn-around on the JS SDK - It's looking good!
I had a query RE: Authenticating:
In what cases is the username & password optional? In my testing I have to supply it. Am I missing a method of generating an auth token which includes the username and password? I'm hoping that is the case, because we'd rather not store zello credentials if we can help it.
If that is the case, could you provide some guidance on what that looks like?
Thanks in advance, Tom