RTO password/client secret with EMA

Hello,

My client is currently using EMA with TREP proxy infrastructure including DACS for user permissions.

They will migrate to cloud RTO (so get rid of TREP) and still be using EMA.

All the example series on Github (including 100 consummer application and 113 session management) show that when creating the consumer for real time, it recieves a config object containing the credential (taken from the Welcome Email and generated password) in clear.

With respect to security issues, is there any other way of configuring the credentials in EMA without passing them in clear in the code?

Thanks,

Regards,

Dimitar

Find more posts tagged with

rrto

ema-api

#technology

Accepted answers

Gurpreet

Hi Dimitar,

The EMA SDK needs username/password which is used in the OAuth Password grant and exchanged for an access token, and this is the only means to do this.

If you are concerned about storing clear text password, your application can take additional steps like encrypt and store the password, and decrypt right before using it.

This article on OAuth grant types might be helpful as well.

All comments

Gurpreet

Hi Dimitar,

The EMA SDK needs username/password which is used in the OAuth Password grant and exchanged for an access token, and this is the only means to do this.

If you are concerned about storing clear text password, your application can take additional steps like encrypt and store the password, and decrypt right before using it.

This article on OAuth grant types might be helpful as well.

DimAngelNX

Many thanks

EXPLORE OUR SITES