Using customer input for device ID

Can I use an HTML form to auto fill the javascript for my customers Device ID and access token? All this information will be kept private, but instead of trying to claim and connect and everything through a web app, I think I could just claim the devices, print the access token and device ID on a card that is shipped with the product, and have them fill it in when they go to use it for the first time. Can anyone tell me if this is possible?

1 Like

So, you want to be able to enter a deviceID and accesstoken to control something using Javascript? If so, check out this: That should do the trick :smile:

I think this is close, but I’m using a simple Web app, actually you helped me out with it along with some javascript and css files. I had to copy/paste my device ID and token into the javascript to access it, I was hoping to claim the device and flash my firmware, then print the pertinent information on a card that the customer could input and it automatically update the javascript with that info.

And why wouldn’t the above work for that ;)?

Looking at it this morning, this will work, just need to add a form and I should be able to “get element byid” and place it into the device ID and access token respectively. Thanks again Moors7.

1 Like

I wouldn’t use forms, since those are… not nice? Rather, just use a text input box from which you can pull the value. That works just as well, and doesn’t require a page reload (which would make the values go away again, unless you store them in local storage (which you should look into regardless)).

I will, I would like to make sure these values don’t change due to someone accidentally touching it on their phone. Also, this is a little off topic here, but I know you’ve answered questions about it before. Regarding access tokens, is it possible to have a permanent one?

If you’re building a web page, there’s no way to make sure those values remain there permanently. If the browser is cleared, they’ll have to insert that data again. Using local storage would help to make sure that they don’t have to do that every time they open the page. Unless you clear the browser (or the local storage) those values will//should remain intact.

As for the access tokens, yes, you can create new ones, with a predetermined expiration data, even indefinitely. Making new ones can be done with the API, or you can take the one from the build IDE. Keep in mind that people with you access token will have full access to pretty much everything, since it’s the equivalent of your username/password. Thread carefully.

1 Like

I’m just wanting to make my product as simple as possible, so I’ll claim the device before it ships, print out the device ID and access token and ship it along with the product. They will only have access to their photon, in theory. But I will be doing beta testing soon so that may be something I look for before we go public.

Well, if you give them the accesstoken, they’ll have access to your entire account. The only thing you can do is hope they won’t abuse that. Otherwise you’ll have to make a somewhat larger effort and get 2 legged auth going. Then they can authenticate with something other than an all-out accesstoken. (I haven’t got experience with the latter, but it’s something to look into.)
Check this out for some more info about authentication:

1 Like

I actually started this project trying to use two legged auth, but I’ve struggled through every step of it. I’m more of a hardware engineer and have almost zero programming knowledge, but I’m working for a startup and we’re trying to keep up with our industry technologically.