Conversation
asinghal-bandwidth
commented
Feb 11, 2025
asinghal-bandwidth
commented
- WEBRTC-170: Auto refresh token mechanism added
| REACT_APP_ACCOUNT_USERNAME=xxxxxxxxxx | ||
| REACT_APP_ACCOUNT_DISPLAY_NAME=xxxxxxxxx | ||
| REACT_APP_ACCOUNT_PASSWORD=xxxxxxxxx | ||
| REACT_APP_AUTH_URL=https://authtoken.url |
There was a problem hiding this comment.
this will always be the id.bandwidth URL correct? Should we just set it for the user since it is not a secret value?
There was a problem hiding this comment.
My only qualm with this is that we encourage customers to fetch auth tokens from the frontend, and storing the BW Username and pass there is not safe
it is a sample app at the end of the day, but the tokens shouldn't be generated client side, a backend should handle that so that the user/pass is nowhere in the client
| // Your API details | ||
| const AUTH_URL = process.env.REACT_APP_AUTH_URL; | ||
| const header = process.env.REACT_APP_AUTH_CREDENTIALS; | ||
| const BASIC_AUTH_CREDENTIALS = btoa(header); // Base64 encoding for Basic Auth |
There was a problem hiding this comment.
instead of having repeated variables (username, password, and authCredentials which is just username:password) - can we simplify the env vars and construct the header from the provided user/pass env vars?
3 participants
