media.listAction() API call returns ks


I use the AngularJS framework :

log_in_service is a service I created for managing the user authentication. I define in it functions to authenticate, get and set the users credentials and save them in the browser.

This variable will contain the list of media that we will get from the media.listAction() call :
$scope.list_of_videos = [];

This function sets the result returned by media.listAction() in the above variable :

        $scope.set_list_of_videos = function(results){
                    $scope.list_of_videos = results;
                    console.log('set_list_of_videos : We have now the list of videos !');

This function is a promise. It calls the media.listAction() API and returns the result got from the API call.

$scope.get_list_videos_promise = function(client){
console.log(‘Entered get_list_videos_promise function’)
var deferred = $q.defer();

        var filter = new KalturaMediaEntryFilter();

        var pager = new KalturaFilterPager();

        console.log('get_list_videos_promise : media.listAction call');, results) {
          if (!success || (results && results.code && results.message)) {
            console.log('Kaltura Error', success, results);
          } else {
              console.log('get_list_videos_promise : ks used = ' + log_in_service.get_ks_user());
            console.log('Kaltura Result for media.listAction', results);
        }, filter, pager);

        return deferred.promise;

In this IF-ELSE, I check whether or not the user is already registered.
If the user is not connected, I call first the user authentication form, save the username and ks in the browser when the authentication is succesful, afterwards I make the call for the media list.
Otherwise I call directly the media list API.
In both cases I create a new client and use the ks saved in the browser.

if(log_in_service.get_ks_user() === ''){
            console.log('the user is not logged in');
                                            console.log('logging successful and credentials saved in browser!');
                                             var config = new KalturaConfiguration(2086441);
                                            config.serviceUrl = '';
                                            var client = new KalturaClient(config);

                                                                                console.log("Couldn't get the list of videos");
                                            console.log('The log in process has failed : ' + error);
            console.log('the user is already logged in')
            var config2 = new KalturaConfiguration(2086441);
            config2.serviceUrl = '';
            var client2 = new KalturaClient(config);
                                                console.log("Couldn't get the list of videos");

Here are 2 screenshots.
The first one corresponds to the first time when I load the page and user is not connected.
Then the user connects herself using the authentication form. The username and ks are saved in the browser.

The second one corresponds to when the user is already authenticated (ks saved in browser) and I refresh the page.

You can see on the second screenshot that the media.listAction() returns a string looking like a KS, and not the media list object as in the first screenshot.

Also can you please explain me more about the appToken concept.

I read that session.start is not the most secured way to get a KS, especially on the client side, because we make visible the SECRET code.

The best way is to, according the doc, use user.loginByLoginId (I use user.login). Isn’t it ?

Thanks for you help !