I am looking at the tutorial on github at url https://github.com/ringcentral-tutorials/getting-started-with-webrtc-js-demo
I would like to implement this, however the problem I have is that it requires the app's client id and secret to be passed to javascript to be able to use.
How do I make it so it runs on a TOKEN that I get from some backend API and not expose my app's sensitive data.
Check out the new way to authenticate using PKCE. Fully agree with you that it is not secured to expose both client id and client secret on the frontend code. I will notify the team to work on changing example using PKCE method.
Is there a way to just get the "Access Token" from a backend call and initialize the objects with that data instead of sending client id, secret etc? I think this would be a much more elegant solution and also keep sensitive data out of client code.
I think so. If you have a server and want to put user authentication code on the server side then after authentication, you can pass the tokens back to your front end to use.
Have you thought about putting the client id and client secret in the backend and read them when you setup the SDK instance, instead of adding them on the front end code. It's not 100% secure but still less exposing the secret?
7 People are following this question.
