At ConnectyCube, we continuously strive to enhance both the technical and user experience of our platform. In this update, we’re excited to share significant changes we’ve made to simplify credentials and improve the user login flow. Let’s dive into the details!
Simplified credentials
Currently, identifying a ConnectyCube app requires three credentials:
- App ID
- Auth Key
- Auth Secret
While these credentials are essential for app functionality, using the Auth Secret in frontend code (web or mobile) poses a security risk. Secrets are best applied on the backend, as frontend code is easily accessible by users, potentially revealing sensitive information.
How we solve this:
To address this, we’ve implemented the following changes:
- Eliminating Auth Secret: the Auth Secret is no longer required, reducing the risk of security vulnerabilities in frontend implementations.
- Improved Auth Key format: Auth Keys are now in UUID format, making them significantly harder to guess.
- Simplified session token creation: when creating a session token, you only need to provide the following:
– Application ID
– Auth Key
Additional parameters like timestamps, nonces, and signature calculations are now optional. This simplification optimizes the process, saving time and effort.
The changes are also reflected in the admin panel where only Auth Key is available in the app’s credentials:
Improved user login flow
Previously, onboarding a new user required multiple sequential steps:
- Create a session token
- Create a user
- Log in the user
- Connect to chat
This multi-step process added complexity and overhead, particularly during development and testing.
How we solve this:
We’ve revamped the login flow to make it more efficient, with distinct approaches for development/testing and production environments.
Development and testing stages
In these stages, we’ve reduced the process to just 2 steps:
- Create user’s session token: during this step the user is created automatically on the fly upon session creation using the login (or email) and password from the request parameters.
The server will:- Check the database for a matching user.
- If no match is found, create a new user account.
- Log in the user and create a session token.
All three actions (user creation, login, and session token generation) are now combined into a single request.
- Connect to chat: with the user ID and session token, users can immediately connect to chat.
Production stage
For production environments, we’ve retained a structured flow with 3 requests:
- Create user: this can now be performed without a token. Simply pass the Auth Key in the headers.
- Create session token: generate a token for secure communication.
- Connect to chat: use the user ID and session token to connect to the chat service.
This approach ensures a balance between simplicity and security in different environments.
Enhanced dashboard controls
To further empower developers, we’ve introduced the ability to switch between development/testing and production stages directly from the ConnectyCube Dashboard. By default, apps are set to the development/testing stage, allowing for quicker iterations during initial builds:
For better security it is recommended to deny the session creation without an existing user. This is especially actual while switch to production when the app going live.
For this, set ‘Session creation without an existing user entity’ to Deny under the Application -> Overview -> Permissions tab in the admin panel.
Maintaining backward compatibility
We’re committed to supporting all our existing users. These updates have been designed with backward compatibility – the current API integrations will continue to function without requiring any changes.
The benefits of these changes:
- Increased security: removing Auth Secret reduces the risk of exposing sensitive information in frontend code.
- Improved usability: simplified login flows make it faster and easier to integrate ConnectyCube into your apps.
- Flexibility: development and production stages are set to meet the specific needs of each phase, with easy switching in the dashboard.
- Backward compatibility: existing integrations remain fully functional.
These updates mark a significant step forward in our mission to make ConnectyCube more secure, user-friendly, and efficient. We’re excited for you to experience these improvements and welcome your feedback as we continue to refine our platform.