FrostLine Works

Messenger admin

Configure JWT trust with WordPress and lock down this console.

First-time access: sign in as admin with password changeme, then change your password below.

Signed in as

WordPress JWT

Values must match your FLW Messenger Auth plugin (Settings → FLW Messenger).

Issuer (iss)

Audience (aud)

Algorithm

Shared secret (HS256)

CORS origins

WordPress site URL (client sign-in)

Used by the public app at /app to open the WordPress login bridge. No trailing slash required.

WebRTC ICE (STUN / TURN)

Stored in MySQL messenger_settings (never commit secrets). Used by GET /api/v1/webrtc-config (JWT). One URL per line or comma-separated. Prefer TURN REST: same shared secret as coturn static-auth-secret; the API returns time-limited username and credential per user (HMAC-SHA1). If REST secret is empty, use static username and credential below.

STUN URLs

TURN URLs

TURN REST shared secret

REST credential TTL (seconds)

Static TURN fallback (only if REST secret is not configured):

Static TURN username

Static TURN credential

Web Push (optional)

VAPID keys for browser notifications on new messages. Use Generate VAPID key pair to create keys in the browser, or paste keys from another tool. Set subject to a contact you control (usually mailto:you@example.com), then save.

VAPID public key

VAPID subject

VAPID private key

Data lifecycle

Export downloads a JSON snapshot (messages, call metadata, users, push subscription endpoints). Store it securely. Purge permanently deletes messages and call sessions older than the cutoff (UTC). Run a dry run first to see counts.

Purge older than (days)

Dry run only (no delete)

Security

Current password

New password (12+ chars, upper, lower, digit)

Sign in

WordPress JWT

WebRTC ICE (STUN / TURN)

Web Push (optional)

Data lifecycle

Security