At ConnectyCube, we continuously strive to enhance both the technical and user experience of our platform. In this update, we’re excited to share significant changes we’ve made to simplify credentials and improve the user login flow. Let’s dive into the details!
Simplified credentials
Currently, identifying a ConnectyCube app requires three credentials:
- App ID
- Auth Key
- Auth Secret
While these credentials are essential for app functionality, using the Auth Secret in frontend code (web or mobile) poses a security risk. Secrets belong on the backend: frontend code can be inspected by anyone who runs it, so a secret embedded there can be extracted and reused.
How we solve this:
To address this, we’ve implemented the following changes:
- Eliminating Auth Secret: the Auth Secret is no longer required, reducing the risk of security vulnerabilities in frontend implementations.
- Improved Auth Key format: Auth Keys are now in UUID format, making them significantly harder to guess.
- Simplified session token creation: when creating a session token, you only need to provide the following:
– Application ID
– Auth Key
Additional parameters like timestamps, nonces, and signature calculations are now optional. This simplification optimizes the process, saving time and effort.
The changes are also reflected in the admin panel where only Auth Key is available in the app’s credentials:
Improved user login flow
Previously, onboarding a new user required multiple sequential steps:
- Create a session token
- Create a user
- Log in the user
- Connect to chat
This multi-step process added complexity and overhead, particularly during development and testing.
How we solve this:
We’ve revamped the login flow to make it more efficient, with distinct approaches for development/testing and production environments.
Development and testing stages
In these stages, we’ve reduced the process to just 2 steps:
- Create user’s session token: during this step the user is created automatically on the fly upon session creation, using the login (or email) and password from the request parameters. The server will:
– Check the database for a matching user.
– If no match is found, create a new user account.
– Log in the user and create a session token.
All three actions (user creation, login, and session token generation) are now combined into a single request.
- Connect to chat: with the user ID and session token, users can immediately connect to chat.
Production stage
For production environments, we’ve retained a structured flow with 3 requests:
- Create user: this can now be performed without a token. Simply pass the Auth Key in the headers.
- Create session token: generate a token for secure communication.
- Connect to chat: use the user ID and session token to connect to the chat service.
This approach ensures a balance between simplicity and security in different environments.
Enhanced dashboard controls
To further empower developers, we’ve introduced the ability to switch between development/testing and production stages directly from the ConnectyCube Dashboard. By default, apps are set to the development/testing stage, allowing for quicker iterations during initial builds:
For better security it is recommended to deny session creation without an existing user. This is especially important when switching to production, as the app goes live.
For this, set ‘Session creation without an existing user entity’ to Deny under the Application -> Overview -> Permissions tab in the admin panel.
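The example below is an added model of the session-creation logic described in the development/testing flow and of the ‘Session creation without an existing user entity’ permission; it is not ConnectyCube’s server code, and the `App`, `create_user` and `create_session` names are assumptions made for illustration. It shows why setting the permission to Deny matters once the Auth Key ships in frontend code: with Deny, a caller who knows only the Auth Key cannot mint sessions (and accounts) for logins that do not already exist.

```python
"""Model of the single-request session creation flow (added illustration, not ConnectyCube code)."""
import hashlib
import secrets
from dataclasses import dataclass, field


class SessionDenied(Exception):
    """Raised when the app's permissions or the credentials forbid issuing a session."""


@dataclass
class App:
    # Mirrors the dashboard permission 'Session creation without an existing user entity'.
    session_without_user: str = "Allow"          # "Allow" (default) or "Deny"
    users: dict = field(default_factory=dict)    # constructed in-memory store: login -> (salt, hash)


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def create_user(app: App, login: str, password: str) -> None:
    """Production step 1: explicit account creation, independent of any session."""
    salt = secrets.token_bytes(16)
    app.users[login] = (salt, _hash(password, salt))


def create_session(app: App, login: str, password: str) -> dict:
    """One request: look the user up, create it only if allowed, verify the password, issue a token."""
    record = app.users.get(login)
    created = False
    if record is None:
        if app.session_without_user == "Deny":
            raise SessionDenied("unknown user and auto-creation is denied")
        create_user(app, login, password)     # development/testing stage: create on the fly
        record = app.users[login]
        created = True
    salt, digest = record
    if not secrets.compare_digest(digest, _hash(password, salt)):
        raise SessionDenied("invalid password")
    return {"login": login, "user_created": created, "token": secrets.token_urlsafe(32)}


if __name__ == "__main__":
    dev = App()                                   # default stage: auto-create allowed
    print(create_session(dev, "alice", "pw-1")["user_created"])   # True
    prod = App(session_without_user="Deny")
    create_user(prod, "bob", "pw-2")              # production: explicit create first
    print(create_session(prod, "bob", "pw-2")["user_created"])    # False
```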
Maintaining backward compatibility
We’re committed to supporting all our existing users. These updates have been designed with backward compatibility in mind: current API integrations will continue to function without requiring any changes.
The benefits of these changes:
- Increased security: removing Auth Secret reduces the risk of exposing sensitive information in frontend code.
- Improved usability: simplified login flows make it faster and easier to integrate ConnectyCube into your apps.
- Flexibility: development and production stages are set to meet the specific needs of each phase, with easy switching in the dashboard.
- Backward compatibility: existing integrations remain fully functional.
These updates mark a significant step forward in our mission to make ConnectyCube more secure, user-friendly, and efficient. We’re excited for you to experience these improvements and welcome your feedback as we continue to refine our platform.