Smit Shah avatar image
Smit Shah asked Phong Vu commented

WebRTC Security Issue

I am looking at the tutorial on github at url

I would like to implement this, however the problem I have is that it requires the app's client id and secret to be passed to javascript to be able to use.

How do I make it so it runs on a TOKEN that I get from some backend API and not expose my app's sensitive data.

rest api
1 |3000

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

1 Answer

Phong Vu avatar image
Phong Vu answered Phong Vu commented

Check out the new way to authenticate using PKCE. Fully agree with you that it is not secured to expose both client id and client secret on the frontend code. I will notify the team to work on changing example using PKCE method.

1 |3000

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Is there a way to just get the "Access Token" from a backend call and initialize the objects with that data instead of sending client id, secret etc? I think this would be a much more elegant solution and also keep sensitive data out of client code.

0 Likes 0 ·

I think so. If you have a server and want to put user authentication code on the server side then after authentication, you can pass the tokens back to your front end to use.

Have you thought about putting the client id and client secret in the backend and read them when you setup the SDK instance, instead of adding them on the front end code. It's not 100% secure but still less exposing the secret?

0 Likes 0 ·

Developer sandbox tools

Using the RingCentral Phone for Desktop, you can dial or receive test calls, send and receive test SMS or Fax messages in your sandbox environment.

Download RingCentral Phone for Desktop:

Tip: switch to the "sandbox mode" before logging in the app:

  • On MacOS: press "fn + command + f2" keys
  • On Windows: press "Ctrl + F2" keys