Authorization
User authorization in Watchers' Social SaaS Platform secures access to chat rooms and user data. Two main methods are offered:
- Authorization with an Encrypted User ID. The Partner passes an encrypted user ID in a GET parameter. Only a value produced with the shared secret key decrypts to a valid ID, so user IDs cannot be guessed or brute-forced through the URL.
- OAUTH Authorization. Watchers supports OAUTH as an authorization method: the Partner passes a one-time auth code, which Watchers exchanges for the user ID through an endpoint on the Partner's side.
Authorization with an Encrypted User ID
In this method the Partner passes an encrypted user ID in a GET parameter. Only a value produced with the shared secret key decrypts to a valid ID, so user IDs cannot be guessed or brute-forced through the URL.
Authorization scheme
How it works:

For authorization, the encrypted user ID is transferred in the URL when opening a room, as shown below:
https://web.stage.watchers.io/?roomId=[Room ID]&userId=[Encrypted User ID]&apikey=[API key]
• userId is encrypted by the Partner using the mutually agreed method described under User ID Encryption below. Watchers decrypts it with the secret key shared with the Partner.
User ID Encryption
Encrypt the value of the userId GET parameter with AES-256-ECB, encode the ciphertext as Base64, URL-encode the result, and pass it as the userId GET parameter.
Scheme

If a client submits a userId value that was not encrypted with the correct secret key, decryption fails and the request is rejected. Users therefore cannot guess another user's ID, enter a chat without registering, or bypass the product into which the chat is integrated.
Note that the encrypted value itself is reusable: ECB is deterministic, so the same user ID always encrypts to the same string, and anyone who obtains a user's URL can present it. Treat these URLs as credentials and keep them out of logs and referrers.
Example encryption service code
https://gitlab.com/watchershub/aes-example
Secret Key requirements
Watchers uses AES in ECB mode with a 256-bit key, so the secret key must be exactly 32 bytes (32 ASCII characters) long. Generate it from a cryptographically secure random source and share it with Watchers out of band.
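A worked implementation of the encryption steps above (AES-256-ECB, Base64, URL-encode) together with the matching decryption a receiving side would perform. This is an added example in Go, not the service code linked above and not Watchers' own implementation. It assumes PKCS#7 block padding and uses a constructed 32-byte demo key; the page specifies neither.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"encoding/base64"
	"errors"
	"fmt"
	"net/url"
)

// pkcs7Pad appends PKCS#7 padding. The page does not name a padding scheme;
// PKCS#7 is assumed because most AES libraries apply it by default.
func pkcs7Pad(data []byte, blockSize int) []byte {
	n := blockSize - len(data)%blockSize
	return append(data, bytes.Repeat([]byte{byte(n)}, n)...)
}

// pkcs7Unpad validates and strips PKCS#7 padding.
func pkcs7Unpad(data []byte, blockSize int) ([]byte, error) {
	if len(data) == 0 || len(data)%blockSize != 0 {
		return nil, errors.New("invalid padded length")
	}
	n := int(data[len(data)-1])
	if n == 0 || n > blockSize {
		return nil, errors.New("invalid padding")
	}
	for _, b := range data[len(data)-n:] {
		if int(b) != n {
			return nil, errors.New("invalid padding")
		}
	}
	return data[:len(data)-n], nil
}

// EncryptUserID builds the userId GET parameter: AES-256-ECB over the padded
// user ID, then Base64, then URL-encoding.
func EncryptUserID(key []byte, userID string) (string, error) {
	if len(key) != 32 {
		return "", errors.New("secret key must be exactly 32 bytes (AES-256)")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return "", err
	}
	bs := block.BlockSize()
	padded := pkcs7Pad([]byte(userID), bs)
	ct := make([]byte, len(padded))
	for i := 0; i < len(padded); i += bs { // ECB: every block is encrypted independently
		block.Encrypt(ct[i:i+bs], padded[i:i+bs])
	}
	return url.QueryEscape(base64.StdEncoding.EncodeToString(ct)), nil
}

// DecryptUserID reverses the steps as the receiving side would. A value not
// produced with the same key fails the Base64, length or padding checks, or
// decrypts to garbage rather than a valid ID.
func DecryptUserID(key []byte, param string) (string, error) {
	if len(key) != 32 {
		return "", errors.New("secret key must be exactly 32 bytes (AES-256)")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return "", err
	}
	unescaped, err := url.QueryUnescape(param)
	if err != nil {
		return "", err
	}
	ct, err := base64.StdEncoding.DecodeString(unescaped)
	if err != nil {
		return "", err
	}
	bs := block.BlockSize()
	if len(ct) == 0 || len(ct)%bs != 0 {
		return "", errors.New("ciphertext is not a whole number of blocks")
	}
	pt := make([]byte, len(ct))
	for i := 0; i < len(ct); i += bs {
		block.Decrypt(pt[i:i+bs], ct[i:i+bs])
	}
	unpadded, err := pkcs7Unpad(pt, bs)
	if err != nil {
		return "", err
	}
	return string(unpadded), nil
}

func main() {
	// Constructed demo key. A real key comes from a CSPRNG and is shared with Watchers out of band.
	key := []byte("0123456789abcdef0123456789abcdef")
	param, err := EncryptUserID(key, "987654321")
	if err != nil {
		panic(err)
	}
	fmt.Printf("https://web.stage.watchers.io/?roomId=ROOM&userId=%s&apikey=KEY\n", param)
	back, err := DecryptUserID(key, param)
	fmt.Println("decrypted:", back, err)
	again, _ := EncryptUserID(key, "987654321")
	fmt.Println("same token for same user (ECB is deterministic):", again == param)
	_, err = DecryptUserID([]byte("fedcba9876543210fedcba9876543210"), param)
	fmt.Println("wrong key:", err)
}
```

Because ECB is deterministic and carries no authentication tag, the generated parameter is a fixed bearer value for that user; the padding check is what rejects most forged or wrong-key values, so keep it strict rather than silently trimming.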
OAUTH Authorization
Watchers supports OAUTH as an authorization method, allowing for secure and efficient user verification.
Enabling OAUTH Authorization
You can enable this authorization method through the Admin Panel.

Overview of the OAUTH Scheme

In the OAUTH scheme the Partner passes an authcode in place of the userId. The authcode should be a single-use code: once Watchers has exchanged it, the Partner's endpoint should reject it, so that a captured URL cannot be reused to enter the chat.
Requirements for Implementation
This authorization type requires an API endpoint on the Partner's side that exchanges the authcode for a userId. The URL of this endpoint must be entered in the Admin Panel.

API Endpoint Details
Request data:
{ "authCode" : "123456789" }
Response requirement:
{"userId" : "987654321" }
With this endpoint in place, Watchers presents the authcode it received to the Partner, obtains the userId in return, and uses that userId to identify and authenticate the user within the platform. The Partner's own session, not a value carried in the URL, decides which user the code maps to.
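A worked partner-side implementation of the exchange endpoint described above, showing a random one-time code being issued, redeemed once, and rejected on reuse. This is an added example in Go, not Watchers' code or a reference implementation from the Partner side. The JSON shapes are the ones the page gives; the use of POST, the HTTP status codes for failures, the in-memory store and the two-minute expiry are assumptions.

```go
package main

import (
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
	"sync"
	"time"
)

// Wire format from the page: {"authCode": "..."} in, {"userId": "..."} out.
type exchangeRequest struct {
	AuthCode string `json:"authCode"`
}
type exchangeResponse struct {
	UserID string `json:"userId"`
}

type codeEntry struct {
	userID  string
	expires time.Time
}

// CodeStore holds outstanding one-time codes. In-memory is an assumption for
// the demo; a real deployment would use a shared store so any instance can redeem a code.
type CodeStore struct {
	mu    sync.Mutex
	codes map[string]codeEntry
	ttl   time.Duration
}

func NewCodeStore(ttl time.Duration) *CodeStore {
	return &CodeStore{codes: make(map[string]codeEntry), ttl: ttl}
}

// Issue mints a fresh 256-bit random code bound to userID. The Partner calls
// this when building the chat URL for a logged-in user.
func (s *CodeStore) Issue(userID string) (string, error) {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	code := base64.RawURLEncoding.EncodeToString(b)
	s.mu.Lock()
	defer s.mu.Unlock()
	s.codes[code] = codeEntry{userID: userID, expires: time.Now().Add(s.ttl)}
	return code, nil
}

// Exchange redeems a code exactly once: it is deleted on first lookup, so a
// replayed, unknown or expired code returns ok == false.
func (s *CodeStore) Exchange(code string) (string, bool) {
	s.mu.Lock()
	defer s.mu.Unlock()
	e, ok := s.codes[code]
	if !ok {
		return "", false
	}
	delete(s.codes, code)
	if time.Now().After(e.expires) {
		return "", false
	}
	return e.userID, true
}

// Handler is the endpoint whose URL is entered in the Admin Panel.
func (s *CodeStore) Handler() http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Method != http.MethodPost {
			http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
			return
		}
		var req exchangeRequest
		if err := json.NewDecoder(http.MaxBytesReader(w, r.Body, 4096)).Decode(&req); err != nil || req.AuthCode == "" {
			http.Error(w, "bad request", http.StatusBadRequest)
			return
		}
		userID, ok := s.Exchange(req.AuthCode)
		if !ok {
			http.Error(w, "invalid, expired or already used authCode", http.StatusUnauthorized)
			return
		}
		w.Header().Set("Content-Type", "application/json")
		json.NewEncoder(w).Encode(exchangeResponse{UserID: userID})
	})
}

// post drives the handler in-process (httptest) and returns status and body.
func post(h http.Handler, body string) (int, string) {
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(http.MethodPost, "/watchers/exchange", strings.NewReader(body)))
	return rec.Code, strings.TrimSpace(rec.Body.String())
}

func main() {
	store := NewCodeStore(2 * time.Minute)
	code, _ := store.Issue("987654321")
	h := store.Handler()
	fmt.Println(post(h, fmt.Sprintf(`{"authCode":%q}`, code))) // first use: 200 {"userId":"987654321"}
	fmt.Println(post(h, fmt.Sprintf(`{"authCode":%q}`, code))) // second use: 401
	fmt.Println(post(h, `{"authCode":"123456789"}`))            // never issued: 401
}
```

The Partner should also restrict who may call this endpoint (for example by IP allow-list or a shared secret header), since anyone who can reach it with a freshly issued code can learn the user ID; the page does not state how Watchers authenticates to it, so that choice is left to the Partner.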