You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
HELLO.Options.authid|string is the authentication ID (e.g. username)
Receive CHALLENGE messages
Compute the HMAC-SHA256 using the shared secret over the challenge.
Send AUTHENTICATE messages in response to CHALLENGE
Accept WELCOME.Details containing authentication information
Allow the client program to forward the challenge to another party. This could be done by registering a callback function.
The client API should also allow the program to pass in a salted password, instead of a verbatim password. This way, the library cannot possibly leak the verbatim password.
Care should be taken so that the secret is wiped (zeroed-out) from memory ASAP.
The spec does not specify what the ABORT.Reason|URI should be if authentication fails. I have raised this issue in wamp-proto/wamp-proto#15.
With the existing authentication API, nothing prevents CppWAMP users from computing the cryptographic signatures themselves using other crypto libraries.
ecorm
changed the title
Implement challenge response authentication on client
Client-side challenge response authentication
May 21, 2022
Implement challenge response authentication, as per the advanced spec.
The text was updated successfully, but these errors were encountered: