We are leveraging the Cisco Jabber Web SDK (JavaScript) to enable calling functionality in a kiosk environment. Since this is a public-facing setup, users are not expected to log in manually. Instead, the application initiates calls when a user presses a dial button.

Currently, we store the Jabber user ID and password in hidden fields to facilitate automatic login, but this approach has failed our cybersecurity review due to the exposure of credentials in clear text.

Could you please advise if there is a more secure, supported method to authenticate with the Jabber Web SDK in such kiosk scenarios—ideally one that avoids storing or transmitting user credentials in plain text? For example, does the SDK support OAuth-based authentication or any token-based mechanism suitable for this use case?