calling a procedure as unauthenticated client

21 views
Skip to first unread message

sieben tupel

unread,
Jan 18, 2016, 11:36:27 AM1/18/16
to Crossbar
Hi,

from the documentation i remember that there is the special role "anonymous" reserved for unauthenticated clients. Now how do i call a procedure as an unauthenticated client? As i see it any client gets an authenticate challenge as soon as it connects to crossbar before being able to join a realm and call any procedure.

Why do i need this? I would like to use crossbar in combination with an existing token based authentication service. Right know a client can authenticate using a (username, password) combination over a HTTP REST endpoint on the token service to get a token. To authenticate in crossbar the client uses the token it got earlier when asked by crossbar for the challenge (internally the crossbar authenticator module then asks the token service if the token is valid).

Now it would be much nicer to have a "login" procedure directly available through crossbar using wamp. Therefore i would like to configure a procedure that can be called by the "anonymous" role. I already setup the crossbar config for this, but as soon as a client connects to crossbar it is asked to authenticate long before it can call a "login" procedure.

How do i do this? There is not really a point in having the ability to set permissions for calling a procedure for an unauthenticated user if no one can call the procedure before authentication.

cheers mo
Message has been deleted

sieben tupel

unread,
Jan 18, 2016, 12:00:31 PM1/18/16
to Crossbar
only way i got so far is to set a role for any user with invalid credentials. would work, but is not very elegant design. And if doing this, is there a good way how to invoke a new authentication against the server?

After getting a valid token for the actual role of the user i need to reauthenticate with this new credentials. Only way i see know is to disconnect from crossbar and then reconnecting and sending the new credentials on the challenge. Or is there some "reauthenticate" method provided by crossbar/autobahn i have not found yet?

Tobias Oberstein

unread,
Jan 18, 2016, 2:47:32 PM1/18/16
to cross...@googlegroups.com
Am 18.01.2016 um 17:36 schrieb sieben tupel:
> Hi,
>
> from the documentation i remember that there is the special role
> "anonymous" reserved for unauthenticated clients. Now how do i call a

Actually, clients request the authentication method "anonymous", and the
default role assigned for that authentication method is (again)
"anonymous" (but you can configure another one also).

> procedure as an unauthenticated client? As i see it any client gets an

The procedure needs to be registered on the respective realm, and the
permissions for the role "anonymous" must allow the procedure to be called.

> authenticate challenge as soon as it connects to crossbar before being
> able to join a realm and call any procedure.

A client cannot call a procedure until it has joined a realm.

> Why do i need this? I would like to use crossbar in combination with an
> existing token based authentication service. Right know a client can

Sure. This is what WAMP-ticket is for - with a dynamic authenticator.

https://github.com/crossbario/crossbarexamples/tree/master/authentication/ticket/dynamic

> authenticate using a (username, password) combination over a HTTP REST
> endpoint on the token service to get a token. To authenticate in
> crossbar the client uses the token it got earlier when asked by crossbar
> for the challenge (internally the crossbar authenticator module then
> asks the token service if the token is valid).
>
> Now it would be much nicer to have a "login" procedure directly
> available through crossbar using wamp. Therefore i would like to

See above.

> configure a procedure that can be called by the "anonymous" role. I
> already setup the crossbar config for this, but as soon as a client
> connects to crossbar it is asked to authenticate long before it can call
> a "login" procedure.
>
> How do i do this? There is not really a point in having the ability to
> set permissions for calling a procedure for an unauthenticated user if
> no one can call the procedure before authentication.

I don't understand.

Cheers,
/Tobias

>
> cheers mo
>
> --
> You received this message because you are subscribed to the Google
> Groups "Crossbar" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to crossbario+...@googlegroups.com
> <mailto:crossbario+...@googlegroups.com>.
> To post to this group, send email to cross...@googlegroups.com
> <mailto:cross...@googlegroups.com>.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/crossbario/0cfa1b4b-f6ce-4992-b95e-23f4c7c1c072%40googlegroups.com
> <https://groups.google.com/d/msgid/crossbario/0cfa1b4b-f6ce-4992-b95e-23f4c7c1c072%40googlegroups.com?utm_medium=email&utm_source=footer>.
> For more options, visit https://groups.google.com/d/optout.

sieben tupel

unread,
Jan 19, 2016, 8:05:20 AM1/19/16
to Crossbar
Hi Tobias,

thank you very much. I didn't know that a client can authenticate using the method "anonymous" to achieve anonymous authentication. This basically answers all other questions or makes them obsolete.

Thank you for the help,

cheers mo
Reply all
Reply to author
Forward
0 new messages