Authorization: one-time key
There are some cases when you need to log in users into a web phone automatically, but do not want a plain text password (which is accepted by the login method) to be available in JavaScript code. This is where we can use the loginWithOneTimeKey method to log in.
Let us assume that you need to log a user myuser into an application myapp in your Voximplant account myaccount, and this user has the password mypass.
- Add a handler for the AuthResult event.
- Request a one-time authentication login key using the requestOneTimeLoginKey function.
Login key TTL
After you request your login key with requestOneTimeLoginKey, it expires after 5 minutes. If you require a one-time login key for this account from another device, the current login key expires.
- Calculate the token on your backend.
MD5(`${login_key}|${MD5(`${myuser}:voximplant.com:${mypass}`)}`)
Please note
1) myuser does not include @appname.accname.voximplant.com;
- 2) this formula allows you to store only hashes on the backend, not passwords.
- Send this token using the loginWithOneTimeKey function.
- Finally, you will receive AuthResult with result == true if the correct password was specified.
Example
Example backend function PHP:
echo md5($_REQUEST['key'].'|'.md5($myuser.':voximplant.com:'.$mypass));
Ruby:
require 'digest/md5' concat Digest::MD5.hexdigest(request.POST['key']+'|'+Digest::MD5.hexdigest(myuser+":voximplant.com:"+mypass))
Node.js:
const app = express();
let md5 = crypto.createHash('md5');
app.use(bodyParser.urlencoded({ extended: false }));
app.post('/', cors(), (req, res) => {
res.writeHead(200, {'Content-Type': 'text/plain'});
const hash = md5.update(`${req.body.appUser}:voximplant.com:${req.body.appUserPassword}`).digest('hex');
md5 = crypto.createHash('md5')
const token = md5.update(`${req.body.key}\|${hash}`).digest('hex');
res.end(token);
});
Java(Spring):
@RestController
@EnableAutoConfiguration
public class StartPoint {
private static final String login = "";
private static final String pass = "";
private static final String HASH;
static {
HASH = DigestUtils.md5DigestAsHex((login + ":voximplant.com:" + pass).getBytes());
}
@RequestMapping("/hash/{login}")
public String getHash(@PathVariable String login) {
String key = login + "|" + HASH;
return DigestUtils.md5DigestAsHex(key.getBytes());
}
public static void main(String[] args) {
SpringApplication.run(StartPoint.class, args);
}
}