Attendee authorization and identification via URL for Conferences i/o Apps


What is this and why would I use it?


This feature allows you to pass identification and authorization data for attendees via URL query string variables. It’s a simple way to integrate attendee information from another data source, like an event app, to save attendees from having to enter duplicate information.


Show me how it works


This functionality works through a querystring in the URL for your app. Here’s an example:


The first part of the querystring, “identify”, tells Conferences i/o that you want to initiate the URL identification routine. Subsequent variables are mapped to the user object that exists in Conferences i/o. A full list of URL parameters is available below, and you can also do some neat things like pass a shared App or Moderation password.


After the identification routine runs, the URL is reloaded without the querystring, meaning that the querystring will not remain visible to the attendee.


Default identification and authorization parameters

Note: All of the following parameters are optional.

Name: Maps to attendee name field
field1: Maps to attendee custom field #1
Maps to attendee custom field #2
Maps to attendee custom field #3
Maps to attendee custom field #4
Maps to attendee custom field #5

If your app uses an App Password, you can submit it here so that the Attendee does not have to enter it.
Will authenticate attendee as a moderator. URL must point to a Session.
Will authenticate attendee as an administrator.
A unique identifier for an attendee. (See the section on this below for more information.)


How does Conferences i/o know what “field1”, “field2”, etc, are?


These fields are the “Attendee Required Fields” which are editable in the administration area of your App. If you’ve defined Attendee Required Field #1 as “Email Address”, and you pass an attendee’s email address as field1 in the identification querystring, Conferences i/o will map that email address and provide it under the appropriate heading in any reporting.



Additional parameters, and customized data


In some cases, you may not be able to customize the field names passed to Conferences i/o, or you may want more fields available in data exporting. Any additional parameters passed via URL will also be mapped to the user object in Conferences i/o, and can be made available to data exporting. The specific fields referenced above are, however, the only ones that can be mapped to Conferences i/o’s Attendee Required Fields.



Customized user identifiers


The cnf_id field available as a URL parameter does more than just pass a private user identifier; it also makes it possible to authenticate to a particular user profile. In a more advanced use case, you might have multiple attendees using the same device, or the same attendee using multiple devices. If you pass a cnf_id parameter as part of the identification routine (in the URL), Conferences i/o will recognize this and assign that profile to the attendee when they join.


This functionality obviously raises concerns if you use identifiers that expose business logic (like incrementing numbers), so we recommend using universally unique identifiers (UUID), or hashed identifiers, when passing cnf_id via URL.
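One way to produce the hashed identifiers recommended above on the integrating side, shown as an added example that is not Conferences i/o's own code. The app URL is a placeholder, the bare "identify" key form and the 32-character hex format for cnf_id are assumptions, and the helper names are hypothetical; only "identify", "field1" and "cnf_id" come from this page.

```python
import hashlib
import hmac
from urllib.parse import urlencode

# Placeholder app URL (assumption; the page's own example URL is not shown).
APP_URL = "https://example.invalid/my-event"


def make_cnf_id(secret_key: bytes, internal_id: int) -> str:
    """Derive a stable, non-guessable cnf_id from an internal attendee number.

    A plain hash of an incrementing number is as guessable as the number
    itself, so the hash is keyed (HMAC-SHA256) with a secret that only the
    integrating system holds. The result is deterministic, so the same
    attendee gets the same profile on every device without a lookup table.
    """
    msg = f"attendee:{internal_id}".encode()
    # 32 hex chars = 128 bits, the same size as a UUID.
    return hmac.new(secret_key, msg, hashlib.sha256).hexdigest()[:32]


def build_identify_url(app_url: str, cnf_id: str, field1: str) -> str:
    """Build the identification URL with every value percent-encoded.

    Assumption: "identify" is sent as a bare first key followed by the
    other variables; confirm the exact form for your app before use.
    """
    query = urlencode({"field1": field1, "cnf_id": cnf_id})
    return f"{app_url}?identify&{query}"


if __name__ == "__main__":
    key = b"constructed-demo-key-do-not-reuse"  # constructed sample secret
    for n in (1041, 1042):  # constructed incrementing internal IDs
        cnf_id = make_cnf_id(key, n)
        print(build_identify_url(APP_URL, cnf_id, "a+b@example.com"))
```

A keyed identifier hides the numbering scheme but does not sign the request, so the other querystring variables can still be altered.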



Can this data be spoofed?


Yes. Because requests are not signed, someone could spoof identification data by altering the querystring variables. If security is important to your organization, we recommend using one of our more secure approaches to authorizing and identifying users. Please contact for more information about these alternatives.