Avaya Client SDK

Author	Message
31/07/2020 03:33:49	Subject: IX CDSK 4.5 JavaScript Sample App & Guest calls #1
sbogdanov.avaya.com Joined: Jun 5, 2019 Messages: 2 Offline	Hello Colleagues Could you please clarify why i can make guest webrtc calls if i using username "csaGuest/bla-bla-bla" and have disabled Token Authentication? It is look like backdoor. How i can resolve it? Thanx in advance!
Profile PM

14/08/2020 10:41:10	Subject: Re:IX CDSK 4.5 JavaScript Sample App & Guest calls #2
lfarias Joined: Oct 7, 2019 Messages: 46 Offline	Hello Sbogdanov, Could you please elaborate on the issue? If you are defining a username as credentials for Javascript Client SDK user config then you're probably seeing basic auth being used, right? Leandro.
Profile PM

18/08/2020 04:07:22	Subject: Re:IX CDSK 4.5 JavaScript Sample App & Guest calls #3
sbogdanov.avaya.com Joined: Jun 5, 2019 Messages: 2 Offline	lfarias wrote:If you are defining a username as credentials for Javascript Client SDK user config then you're probably seeing basic auth being used, right? Hello Leandro Ok. I am testing Communication Services Package Sample App (IX CSDK 4.5). It support credentials calls via AADS integration (for example, i input domain's username/password and can make outbound and inbound calls as Aura user (with COR/COS and so on). If i input csaguest/anyname without password - i can make guest outbound calls without token request from AAWG - this look like backdoor.
Profile PM

Author

Message

31/07/2020 03:33:49

Subject: IX CDSK 4.5 JavaScript Sample App & Guest calls

sbogdanov.avaya.com
Joined: Jun 5, 2019
Messages: 2
Offline

Hello Colleagues
Could you please clarify why i can make guest webrtc calls if i using username "csaGuest/bla-bla-bla" and have disabled Token Authentication? It is look like backdoor. How i can resolve it?
Thanx in advance!

Profile

14/08/2020 10:41:10

Subject: Re:IX CDSK 4.5 JavaScript Sample App & Guest calls

lfarias
Joined: Oct 7, 2019
Messages: 46
Offline

Hello Sbogdanov,

Could you please elaborate on the issue? If you are defining a username as credentials for Javascript Client SDK user config then you're probably seeing basic auth being used, right?

Leandro.

Profile

18/08/2020 04:07:22

Subject: Re:IX CDSK 4.5 JavaScript Sample App & Guest calls

sbogdanov.avaya.com
Joined: Jun 5, 2019
Messages: 2
Offline

lfarias wrote:If you are defining a username as credentials for Javascript Client SDK user config then you're probably seeing basic auth being used, right?

Hello Leandro
Ok. I am testing Communication Services Package Sample App (IX CSDK 4.5). It support credentials calls via AADS integration (for example, i input domain's username/password and can make outbound and inbound calls as Aura user (with COR/COS and so on). If i input csaguest/anyname without password - i can make guest outbound calls without token request from AAWG - this look like backdoor.

Profile

Avaya Experience Platform

Avaya Enterprise Cloud

Avaya Aura Platform

About Compliance Testing

Compliance Tested Solutions

Remote Labs

Procurement Benefits

Program Overview

Program Benefits

Co-Marketing Benefits

Membership Options

DevConnect Partner Gallery

Avaya Experience Platform

Avaya Enterprise Cloud

Avaya Client SDK

Avaya Aura Platform

About DevConnect Support

Submit Support Tickets

Support Forums

Other Support Options

Compliance Testing

About Compliance Testing

Compliance Tested Solutions

Labs & Sandboxes

Remote Labs

Procurement Benefits

Program

Program Overview

Program Benefits

Membership Options

Co-Marketing

Co-Marketing Benefits

Relationship Benefits