calling a procedure as unauthenticated client

#1

Hi,

From the documentation I remember that there is the special role “anonymous” reserved for unauthenticated clients. Now how do I call a procedure as an unauthenticated client? As I see it, any client gets an authenticate challenge as soon as it connects to Crossbar before being able to join a realm and call any procedure.

Why do I need this? I would like to use Crossbar in combination with an existing token-based authentication service. Right now a client can authenticate using a (username, password) combination over an HTTP REST endpoint on the token service to get a token. To authenticate in Crossbar the client uses the token it got earlier when asked by Crossbar for the challenge (internally the Crossbar authenticator module then asks the token service if the token is valid).

Now it would be much nicer to have a “login” procedure directly available through Crossbar using WAMP. Therefore I would like to configure a procedure that can be called by the “anonymous” role. I already set up the Crossbar config for this, but as soon as a client connects to Crossbar it is asked to authenticate long before it can call a “login” procedure.

How do I do this? There is not really a point in having the ability to set permissions for calling a procedure for an unauthenticated user if no one can call the procedure before authentication.

cheers mo

0 Likes

#2

The only way I have got so far is to set a role for any user with invalid credentials. It would work, but is not a very elegant design. And if doing this, is there a good way to invoke a new authentication against the server?

After getting a valid token for the actual role of the user I need to reauthenticate with these new credentials. The only way I see now is to disconnect from Crossbar and then reconnect, sending the new credentials on the challenge. Or is there some “reauthenticate” method provided by crossbar/autobahn that I have not found yet?

0 Likes

#3

Hi,

> from the documentation i remember that there is the special role
> "anonymous" reserved for unauthenticated clients. Now how do i call a

Actually, clients request the authentication method "anonymous", and the default role assigned for that authentication method is (again) "anonymous" (but you can configure another one also).

> procedure as an unauthenticated client? As i see it any client gets an

The procedure needs to be registered on the respective realm, and the permissions for the role "anonymous" must allow the procedure to be called.

> authenticate challenge as soon as it connects to crossbar before being
> able to join a realm and call any procedure.

A client cannot call a procedure until it has joined a realm.

> Why do i need this? I would like to use crossbar in combination with an
> existing token based authentication service. Right know a client can

Sure. This is what WAMP-ticket is for - with a dynamic authenticator.

https://github.com/crossbario/crossbarexamples/tree/master/authentication/ticket/dynamic

> authenticate using a (username, password) combination over a HTTP REST
> endpoint on the token service to get a token. To authenticate in
> crossbar the client uses the token it got earlier when asked by crossbar
> for the challenge (internally the crossbar authenticator module then
> asks the token service if the token is valid).
>
> Now it would be much nicer to have a "login" procedure directly
> available through crossbar using wamp. Therefore i would like to

See above.

> configure a procedure that can be called by the "anonymous" role. I
> already setup the crossbar config for this, but as soon as a client
> connects to crossbar it is asked to authenticate long before it can call
> a "login" procedure.
>
> How do i do this? There is not really a point in having the ability to
> set permissions for calling a procedure for an unauthenticated user if
> no one can call the procedure before authentication.

I don't understand.

Cheers,
/Tobias

On 18.01.2016 at 17:36, sieben tupel wrote:

> cheers mo

0 Likes
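The WAMP-ticket dynamic authenticator mentioned in the reply above, sketched as an added example (not code from this thread or from the Crossbar examples repository). The `authenticate(realm, authid, details)` shape follows Crossbar's dynamic authenticators, which receive the presented ticket in `details["ticket"]`. Assumptions: the token format, `SERVICE_KEY`, `issue_token`, the `AuthDenied` class (a stand-in for autobahn's `ApplicationError`) and the `now` test hook are hypothetical, and the in-process HMAC check stands in for the call to the external token service.

```python
import hashlib
import hmac
import time

# Constructed stand-in for the external token service from the thread.
# Assumed token format: "<authid>:<role>:<expiry>:<hex HMAC-SHA256>".
SERVICE_KEY = b"constructed-demo-key"
ALLOWED_ROLES = {"user", "admin"}  # "anonymous" is never granted via a ticket


class AuthDenied(Exception):
    """Stand-in for the error an authenticator raises to refuse the join."""


def _mac(body):
    return hmac.new(SERVICE_KEY, body.encode(), hashlib.sha256).hexdigest()


def issue_token(authid, role, ttl=300, now=None):
    """What the token service would return after a successful login."""
    expiry = int((time.time() if now is None else now) + ttl)
    body = f"{authid}:{role}:{expiry}"
    return f"{body}:{_mac(body)}"


def authenticate(realm, authid, details, now=None):
    """Map a presented ticket to a role, or refuse the session."""
    ticket = details.get("ticket")
    if not isinstance(ticket, str) or ticket.count(":") != 3:
        raise AuthDenied("malformed ticket")
    body, mac = ticket.rsplit(":", 1)
    # Verify integrity in constant time before trusting any field.
    if not hmac.compare_digest(mac.encode(), _mac(body).encode()):
        raise AuthDenied("invalid ticket")
    token_authid, role, expiry = body.split(":")
    if token_authid != authid:
        raise AuthDenied("ticket was issued to a different authid")
    if int(expiry) < (time.time() if now is None else now):
        raise AuthDenied("ticket expired")
    if role not in ALLOWED_ROLES:
        raise AuthDenied("role not grantable via ticket")
    return {"role": role}
```

Clients that request the "anonymous" method never reach this function; they get the statically configured anonymous role, whose permissions should allow only the procedures meant to be public.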

#4

Hi Tobias,

thank you very much. I didn’t know that a client can authenticate using the method “anonymous” to achieve anonymous authentication. This basically answers all other questions or makes them obsolete.

Thank you for the help,

cheers mo

0 Likes