Channels and their keys about emitter HOT 8 CLOSED

Hello,

you can use the keygen api with the secret key that is displayed in the "security" section of your account. You'll find some documentation about this here under Channel Security And Authorization.

Of course, this key should never be distributed to actual clients.

If what you need is to generate keys at runtime from client, this not possible for at least the following two reasons :

• the channel/subchannel pattern fits most use cases
• generating keys that allow generating other keys seems unsafe

from emitter.

from emitter.

Not from a configuration file. I would simply use the keygen api.

Are you talking about the documentation about rolling your own servers?

from emitter.

from emitter.

Requesting a channel key from the broker succeeds, also for the second process (the channel-keys are different). Then i proceeded to take the key from the first process and use that in the second process, still publishing a message is not received by the first process who is a subscriber.
The 2nd process is the one that connects to the broker and does a PublishTTL.
The only thing that seems to work is if i go to the /keygen page and register manually.

Am i doing something wrong when requesting a key from the server from my process (written in Go)?

P.S.: I had to search what to fill in for the 'Type' as "rwslp" to give it all the rights.

Best
Jurgen

from emitter.

Ok i was a bit too premature in my above statement, it does work now.
Process 1 requests a key with "rwslp" rights and subscribes to channel X.
Process 2 requests a key with "rwslp" rights and publishes a message to channel X.
Channel keys are different, but the message is received by process 1.

So it all works now!

from emitter.

hello!

please let me know @Florimond or @jurgen-kluft, how to use securely emitter.io with javascript. Since it is a client side-script, the channel key will shown in the DOM, so it can be stolen.
Sould I generate a new channel key in (let's say) every 10 minutes? A bit more secure, but it doesn't seem to be the correct solution.

But if I have to do it like above, then:

1. how to generate the new channel key? It must not be made on client side, in order not to be shown my secret key in the DOM :)

2. (if it is needed,) how to tidy the zombie channels after every 10 minutes?

thanks
Tamas

from emitter.

@bagitom
There is the notion of extendable channels now. If I remember correctly, it should work like this...

• You create type e key for a root channel to give to (A). It should only be able to extend.
• You create a key with full rights to this root channel to give to (B).
• (B) subscribes to the root channel and all sub-channels.
• (A) extends his channel with his special key by calling Keygen. It receives a response with the the root channel to which was added a random suffix, this is your extension.
• (A) publishes sort of a hello to his extended channel, that way (B) sees a message coming from this extended channel and knows to answer through that specific channel.

Hope this helps. It should be the subject of a small tutorial in the future...

from emitter.