This repository has been archived by the owner on Feb 14, 2020. It is now read-only.
API credentials don't work with URN usernames #562
Labels
Comments
|
Issue by @baszoetekouw by the way. |
|
What's also missing in the functionality is the ability to specify this password for a new user or to edit it for an existing user (not yourself); as you want to be able to create a role user account for accessing the API which you cannot necessarily log in to Janus itself with. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
The new API works with HTTP Basic, however HTTP Basic forbids the use of the colon (":") in the username, so if the username is an URN (like urn:collab:person:surfnet.nl:bas) then that's not going to work for accessing the API.
Also the 'secret' is not a password input field and not encoded in the database.
I recommend adding an "api username" and "api secret" field to the janus user and properly enforcing uniqueness and alphanumeric value of the api secret and encoding the api secret with blowfish.
This should then be used by the new API.
Migration should be done from the current username and secret, but from then on accounts could have different passwords on the old vs the new API.
The text was updated successfully, but these errors were encountered: