Login Authentication
Update time: 2022/11/25 08:10:56
Features
CommsEase provides three types of login authentication.
Static token authentication
This is the default authentication method of YunXin. A token is set by the user, or generated automatically, when the accid is created through the CommsEase server API (/user/create.action). The token is permanent; the client SDK supplies the accid and token when logging in to the CommsEase server, and the server checks that the token matches the accid.
If a user wants to rotate the token proactively, or the token has been leaked and must be replaced, the relevant API interfaces (/user/update.action and /user/refreshToken.action) can be called to update it.
Appsecret-based dynamic token authentication
When a user creates an application in the CommsEase console, an appkey and an appsecret are generated. Based on the appkey, appsecret and accid, CommsEase defines the following method for generating a dynamic token:
#Get the current timestamp (in milliseconds) first
curTime = 1614764611561
#Set the expiration time (in seconds), for example 600
ttl = 600
#Generate the signature: concatenate the five fields (appkey, accid, curTime, ttl and appsecret, with the numbers written as decimal strings) into one string and hash it with SHA-1
signature = sha1(appkey + accid + curTime + ttl + appsecret)
#Assemble the JSON object ("xx" stands for the signature computed above)
json = {"signature": "xx", "curTime": 1614764611561, "ttl": 600}
#Serialize the JSON to a string and base64-encode it to produce the final token
token = base64(json)
After generating a token with the method above, the client SDK supplies the token when logging in, and the account is logged in once the server has verified the token.
- The dynamic token generation above depends on the appsecret, so the generation logic must be implemented on the user's own server side to avoid leaking the appsecret to clients.
- The token of this authentication method is dynamic and temporary; its validity period is chosen by the customer, and an overly long validity period is not recommended.
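The recipe above, carried through end to end in Python. This is an added example, not code from the CommsEase documentation or SDK: the appkey, appsecret and accid values are constructed, the SHA-1 digest is assumed to be lowercase hexadecimal, and the verify function is a model of the checks a verifier has to perform (recompute the signature, reject tokens whose curTime + ttl window has passed) rather than the CommsEase server's own code. It exists to show why the generation side belongs on the customer's server and why a short ttl limits the damage from a captured token.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed credentials for illustration only; real values come from the CommsEase console.
APP_KEY = "example-appkey"
APP_SECRET = "example-appsecret"


def build_dynamic_token(appkey, appsecret, accid, ttl=600, cur_time_ms=None):
    """Generate a dynamic token as described on the page (server side only: needs appsecret)."""
    if cur_time_ms is None:
        cur_time_ms = int(time.time() * 1000)  # current timestamp in milliseconds
    # Concatenate the five fields as strings, then SHA-1 (lowercase hex digest is an assumption).
    raw = f"{appkey}{accid}{cur_time_ms}{ttl}{appsecret}"
    signature = hashlib.sha1(raw.encode("utf-8")).hexdigest()
    payload = {"signature": signature, "curTime": cur_time_ms, "ttl": ttl}
    # Serialize the JSON object and base64-encode it; this string is the token the SDK sends.
    return base64.b64encode(json.dumps(payload).encode("utf-8")).decode("ascii")


def verify_dynamic_token(token, appkey, appsecret, accid, now_ms=None):
    """Illustrative verifier (assumed logic): parse, check the validity window, recompute the signature."""
    if now_ms is None:
        now_ms = int(time.time() * 1000)
    try:
        payload = json.loads(base64.b64decode(token))
        signature = payload["signature"]
        cur_time = int(payload["curTime"])
        ttl = int(payload["ttl"])
    except (ValueError, KeyError, TypeError):
        return False  # malformed base64, JSON or field types
    # Reject tokens issued in the future, with a non-positive ttl, or past curTime + ttl seconds.
    if ttl <= 0 or now_ms < cur_time or now_ms > cur_time + ttl * 1000:
        return False
    expected = hashlib.sha1(
        f"{appkey}{accid}{cur_time}{ttl}{appsecret}".encode("utf-8")
    ).hexdigest()
    # Constant-time comparison so the check does not leak signature bytes through timing.
    return (
        isinstance(signature, str)
        and signature.isascii()
        and hmac.compare_digest(expected, signature)
    )


if __name__ == "__main__":
    issued_at = 1614764611561  # the timestamp used on the page
    token = build_dynamic_token(APP_KEY, APP_SECRET, "accid-0001", ttl=600, cur_time_ms=issued_at)
    print("token:", token)
    print("valid 1s later:", verify_dynamic_token(token, APP_KEY, APP_SECRET, "accid-0001", now_ms=issued_at + 1000))
    print("valid 601s later:", verify_dynamic_token(token, APP_KEY, APP_SECRET, "accid-0001", now_ms=issued_at + 601_000))
    print("valid for another accid:", verify_dynamic_token(token, APP_KEY, APP_SECRET, "accid-0002", now_ms=issued_at + 1000))
```

Because the signature binds the accid, curTime and ttl together with the appsecret, a token lifted from one account cannot be replayed for another accid, and once the ttl window has elapsed it is rejected regardless of the signature; the appsecret never needs to leave the customer's server.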
Third-party callback based authentication
This authentication method relies on the login callback, one of the third-party callback features available to customers with a CommsEase account. In the login callback, the CommsEase server forwards the client's accid, token, client type, client IP, login custom extension and other fields to the user's server, and the user's server decides whether the login passes verification. If it does not, the CommsEase server returns error code 302 to the client.
If this authentication method is adopted, the CommsEase server will not verify the token and other fields.
Considerations
- The first authentication method is the YunXin default; the latter two must be enabled separately. In particular, third-party callback based authentication also requires the login callback feature to be enabled. If the login callback is not enabled, a login with any token will succeed.
- The user can enable one or more of the three authentication methods above, and the SDK tells the CommsEase server which authentication method is used for each login. If that method is not in the list of enabled authentication types, the login fails and the client is informed.