|
Added a WebSocket Endpoint Specifically for Remote Access
To ensure only Remote Access Client (RAC) connections can connect and perform RAC activities on a ThingWorx Platform endpoint, a new WebSocket endpoint has been added to the ThingWorx Platform. This new endpoint enhances security for RAC connections and, more generally, provides additional options in managing edge connectivity. The feature includes:
• A new single-use authentication key, called a nonce key. This WebSocket accepts nonce keys only when authenticating a connection. The nonce key is not persisted to the database and is removed from the platform as soon as possible after it either is used or expires.
• A new ThingWorx Temporary WebSocket (TWS) endpoint on the ThingWorx Platform to handle short-lived, user traffic. This WebSocket is created and available when the ThingWorx Platform starts. It uses the ThingWorx AlwaysOn protocol and accepts only nonce keys when authenticating a connection.
• Updated ThingWorx Remote Access Client and Remote Access Extension to use the new endpoint and nonce key.
Tracking Numbers:
• TW-67305 — Changed /WS, /TWS, WSTunnelClient, /and TWTunnelServer endpoints to use nonce key if one is presented for authentication.
• TW-67290 — Added a task that runs every 30 seconds, removing any nonce keys that are not valid because they either expired or were used.
• TW-67282 — Added the /TWS WebSocket endpoint for transient user traffic that only accepts nonce keys.
• TW-67283 — Created the single-use nonce key.
|