Generating the key

 Top  Previous  Next

The one-time authentication key is a temporary key generated by WebFMX Server, intended to protect the actual username and password. Both key and password are temporary data and they will be only valid for a single connection and limited period of time.

 

How it works:

 

1. First you need to ask WebFMX Server to generate the key and password for you. Call the server following this URL format:

 

http(s)://WebFMXServer:Port/ws/oturl/get?<queryString>

 

2. The queryString should be built with all parameters listed below:

 

username= <username> &password= <password> &plen= <passlen> &expires= <expires>

 

Find on the table below a description for each required parameter.

 

Parameter

Description

username

This is the username to be authenticated on WebFMX Server.

password

The password of the user to be authenticated.

plen

This parameter carries the returned unique password length.

expires

Through this parameter you can set an expiration(in minutes) for the key-password pair. Expires = 30 means that the pair won't work anymore after 30 minutes have passed from the pair generation.

 

3. If WebFMX gets to authenticate with the sent parameters, it will return a JSON object containing the One-Time key/password pair.

 

Parameter

Description

valid

Use this result to know whether the authentication was successful (username and password were valid).

key

This is the one-time key to be used for the client side authentication.

pass

This is the password to be used for the client side authentication.

 

4. If the authentication was successful, write on the end HTML file the generated key and password information, so that they can be used for the client-side key/password Validation.

 

JavaScript example:

 

This is a JavaScript example. The actual GetOneTimeKey method should be translated to the Server side programming language and only invoked from there to avoid username/password exposure on the client side.

 

function GetOneTimeKey(username,password) {

  var otkey =  getOneTimeKey(username, password);

  if (!otkey.valid) {

     alert('Invalid username/password');

   }

  return otkey;

}

 

function getOneTimeKey (username, password, passlen, expires) {

  var returl = "";

  if (!passlen) passlen = 8;

  if (!expires) expires = 30;

   $.ajax({

       url: "http(s)://WebFMXServer:port" + "/ws/oturl/get?username=" + username + "&password=" + password + "&plen=" + passlen + "&expires=" + expires,

       async: false,

       dataType: "html",

       statusCode: {

           200: function (data) {

               returl = eval("("+data+")");

           }

       }

   });

  return returl;

}