New Wialon Authorization Method

User data protection has always been our top priority. To increase authorization security in Wialon Hosting and Wialon Local, we’ve integrated a more up-to-date and safe oAuth-based solution into the system.

Login-based authorization will be in use till October, 1. Our partners who have used links for demo-login or self-made authorization forms need to change authorization method.

Data-protection

Wialon oAuth-based Authorization: Basic Principles

  • For security reasons, an authorization form can be accessed only from trusted DNSs, which have a form of *.wialon.com (or your extra site DNS). It means that it is allowed to authorize to Wialon using a form located on Wialon server only;
  • Once you’ve successfully authorized, the server automatically generates a token and saves it in User settings. The token helps you enter websites and use applications. You can also pass it to other users if your token was generated with restricted access rights;
  • A token has a number of properties including time of activation, expiry date, access rights, name and so on. You can restrict rights to a token and change its expiry date if needed. By default tokens are created for 30 days and their access rights correspond to those of a User;
  • All the tokens you’ve generated can be seen in monitoring interface (User menu – Manage Applications – Authorized Applications). Token access rights are also displayed there. Using the dialog, you can delete the tokens you no longer need;
  • Expired tokens are deleted automatically. Tokens are also deleted when unused for 100 days and more. To generate a new token, you have to enter login and password again;
  • One user can have no more than 1 thousand tokens;
  • When you enter Wialon websites, both User and token access rights are considered. Therefore, token rights can restrict those of a User or leave them as they are.

You can use our oAuth form for a website and app authorization. There are 2 types of forms available (simple and advanced).

Advanced Authorization Form

The advanced authorization form is suitable for different applications (including mobile ones). On top of the form your logo is displaced; we take logos from your “skin” (personal design). At the bottom of the form, you can find login and password tabs as well as the button to submit the form. Advanced authorization form also includes a section with access rights and their description.

Simple Authorization Form

The simple authorization form can be integrated into business card websites through iframe. You can also use it to enter tracking sites after authorization. The logo is placed at the top of the form and tabs for login and password along with authorization button – at the bottom of it.

The simple form is meant to replace self-made authorization forms on our partners’ websites. It is small size, contains no sophisticated parameters and excessive requests.

In the manual, you can find a full description of advanced and simple authorization forms, as well as examples of their use and other data.

If you have any questions, feel free to contact Wialon technical support team. We work 24/7 and are always ready to help you. New authorization forms are easy to difficulties and will definitely improve your business security.

Have a great weekend!

2 thoughts on “New Wialon Authorization Method

  1. Dear Wialon,
    Does this update is applicable for lite version of wialon monitoring interface as well i.e. (lite.wialon.com)? This will be really weird if there remains discrepancy in features sets in hosting.wialon.com and lite.wialon.com. To list a few difference for instance, lite.wialon.com currently does not support Quick login method but hosting.wialon.com does support it.

    Quick login described here in Wialon SDK-
    http://docs.wialon.com/en/hosting/user/gui/login?s%5B%5D=login (A quick login without entering (or even knowing) user name and password is possible, provided that there is an active session available. Then URL link should contain the sid parameter, e.g., http://wialonb3.gurtam.com/?sid=3086417ea744b0dbb85202cebe3ff134.)

    How can we do quick login into wialon new hosting interface lite.wialon.com? I will really request you to please have parity in terms of feature set in hosting.wialon.com and lite.wialon.com.

    Thanks!

    1. Hello!
      Wialon Lite supports quick login as well as Wialon Hosting. The only difference is that Wialon Lite doesn’t show your sid in URL field. But if you have active sid (for example from Wialon Hosting) you can pass it to Lite site and be authorized there. Now you can pass also token in URL to be authorized.
      Token is more permanent authorization key comparing to sid.
      We can show user’s sid in Wialon Lite URL field if it is very important.

Leave a Reply

Your email address will not be published. Required fields are marked *