OBi110 firmware updated Aug-24-2014 to Ver 1.3.0 (Build 2872)

<< < (6/7) > >>

lrosenman:
SETUP *MUST* be done on the portal, HOWEVER, once setup, you should be able to turn off the provisioning via ObiTalk, and you must not DELETE the Obi from the portal.

R_Chandra:
Huh....would you look at that?  I see different results tonight.  I apologize...Disabled for FW update and Disabled for autoprovisioning is now working; last night it didn't seem to be so.

lrosenman:
Glad I could help.

SteveInWA:
Keep in mind:

The OBiTALK portal method of setting up Google Voice was developed specifically to not supply your login credentials to Obihai. So, the argument about the Target and Anthem data theft is moot.

When you use the portal to sign up, it is using Google's OAUTH 2.0 setup routine.  If you were paying attention, you would have seen that it opens a new browser window, directly logged into your Google, not OBiTALK, account, where Google asks you, the person signed into your Google account, if you would like to give your device permission to use a service on your Google account.  This is a normal, direct, TLS-secured web browser session between your computer's web browser and Google...not Obihai.  When you agree, the secure token exchange takes place.  Obihai never gets your password, and the only thing that you have done is to grant your OBi device to access a service on your Google account.  

By the way, Obihai has leveraged this same system to now support direct import of your Google Contacts to a OBi 10x2 IP phone's address book.

This is a far more secure method of configuring the device than giving Obihai your Google password.

As Irosenman explained, after you have done this, the OBiTALK portal has no further communication with your OBi device at all, with regard to Google Voice calling.  

Azrobert did a nice job writing up how to use this procedure to configure GV, and then "go offline" by backing up your device configuration, if you so desire.

http://www.obitalk.com/forum/index.php?topic=8685.msg57331#msg57331

R_Chandra:
Oh, yes, I was quite aware of the session popping a new tab (in my case) for Google to ask me to authorize three permissions on the first pass, and a single one on a subsequent pass.  I know my Google credentials were never touched by anyone except me and an instance of Firefox.  That's not in question.  The problem remains, where does the TOKEN go?  Under what circumstances can the token be used to authenticate as me?  Does the token go first to Obihai's server(s) and THEN to my OBi110?  You seem to say it somehow makes it straight from Google's servers to my OBi110.  It does not seem that way offhand, because the next step is to confirm that my GMail address is the one intended, THEN my OBi110 can log into GV.  Yep, I plead ignorance at the moment because I haven't broken out neither tcpdump nor Wireshark yet.

It still remains a nearly indisputable fact that passwords should never be stored, but that's what ObiTALK does with the admin password for my device.

I'm pretty sure this will prove a very good read, how to detach from ObiTALK. Thank you very much for that.

Navigation

[0] Message Index

[#] Next page

[*] Previous page