Browser-Phone
Browser-Phone copied to clipboard
InnovateAsterisk
Reg registration
It’s not really up to the client, that’s more of a server configuration. Asterisk can be configured to work without authentication or with ip authentication quite easily. The question is: do you want to do that? Generally trunking (server to isp) is possible with ip auth, but then the ip addrsss is normally registered with the isp. Endpoints, on the other hand, are normal authed with username and password because it’s often not known what IP address you will be connecting with. Removing authentication is wildly dangerous especially if you have a hosted instance.
If you don’t want to issue a username and password for each of your clients, I would consider provisioning of some sorts, and have the information load at runtime only, then clear out, so credentials are only temporary.
In general, when you are using this kind of technology, you would be using some sort of existing session, even something like Active Directory, LDAP, or browser sessions in the first place. Including sip credentials to this shouldn’t be difficult.
I would not recommend making the browser phone publicly available with your own sip credentials hard coded in the scripts. This would simply be giving people access to your asterisk box.
You should have a session environment before the phone page, and that session can provision sip details.
I have an session environment before phone page. How the sip details can be provided to Browser Phone? I'm trying to think something like these https://mybrowserphone.com/auth?username=USERNAME&password=PASSWORD
If you have an extension that is facing the public with a password in the url, please make sure that the extension can only be entered into a queue, or something that doesn’t have access to your outbound trunks.