hwang | 2024-03-13 15:51:24 UTC | #1
I logged into the Genesys web API using a username, password, organization name, and a six-digit multi-factor authentication code. If I am using the Genesys Developer tool, can I log in with the following Python code using those username, password, organization name, and code? Or do I need to request a different grant from IT?
It seems that without VPN, it pops out error: 400 client not found. With VPN, it pops out error: rejected by remote users.
My Python code:
import os import sys import time import PureCloudPlatformClientV2 from PureCloudPlatformClientV2.rest import ApiException
print('-------------------------------------------------------------') print('- Execute Bulk Action on recordings-') print('-------------------------------------------------------------')
Credentials
CLIENTID = "xxxxx" CLIENTSECRET = "xxxxx" orgName = "xxx" encodedsamlassertion = "xxxxxx"
ORGREGION = "uswest2" # eg. useast_1
Set environment
region = PureCloudPlatformClientV2.PureCloudRegionHosts[ORGREGION] PureCloudPlatformClientV2.configuration.host = region.getapi_host()
body = PureCloudPlatformClientV2.EdgeNetworkDiagnosticRequest() # EdgeNetworkDiagnosticRequest | request payload to get network diagnostic body.host = "The IP or host you want to ping"
print('connecting')
OAuth when using Client Credentials
apiclient = PureCloudPlatformClientV2.apiclient.ApiClient().getsaml2bearertoken(CLIENTID, CLIENTSECRET, orgName, encodedsamlassertion) authApi = PureCloudPlatformClientV2.AuthorizationApi(apiclient) print(authApi.getauthorizationpermissions().tojson()) print('finish')
tim.smith | 2024-03-13 15:58:14 UTC | #2
It's a bit unclear exactly what you're doing in each scenario, technically speaking.
You can find documentation on the supported OAuth grant types in this area of the site, and specifically a description of which to use when here: https://developer.genesys.cloud/authorization/platform-auth/#authorization-types.
Genesys Cloud has no knowledge of or interest in your local network connections; all public-facing Genesys Cloud APIs are exposed publicly to the internet so that is all that is required. How your IT department chooses to give you access to internet resources is up to them.
hwang | 2024-03-13 16:16:43 UTC | #3
Hi Tim,
Are my username and password are the Client ID and Client Secret? Can I login developer tool via Python using my existing Client ID and Client Secret, orgName, multi-factor authentication code? Or I need to request what other permissions?
My Platform API Admin does not have OAuth option. In the tutorial, there have a Admin -> OAuth to setup OAuth login access code. But I don't have OAuth Option in the Admin page.
hwang | 2024-03-13 16:30:44 UTC | #4
I logged in the Genesys via username, password, org, and a Authenticator's code, Am I using SAML2-Bearer Grant for OAuth2 authentication? Is this a good method to log in with python SDK or other SDK? Should I ask for additional grants?
hwang | 2024-03-13 16:43:29 UTC | #5
Full Error message
MaxRetryError: HTTPSConnectionPool(host='login.usw2.pure.cloud', port=443): Max retries exceeded with url: /oauth/token (Caused by ProtocolError('Connection aborted.', ConnectionResetError(10054, 'An existing connection was forcibly closed by the remote host', None, 10054, None)))
tim.smith | 2024-03-13 16:43:58 UTC | #6
hwang, post:3, topic:25172
Are my username and password are the Client ID and Client Secret?
No. A user has a username and password. A client credentials OAuth client has a client ID and client secret. Users must use user-based OAuth flows (anything but the client credentials flow), and client credentials must use the client credential OAuth flow.
hwang, post:3, topic:25172
Can I login developer tool via Python using my existing Client ID and Client Secret, orgName, multi-factor authentication code?
The developer tools on the Developer Center (e.g. API Explorer) uses the implicit grant. This only supports users logging in. You can find documentation about using this feature here: https://developer.genesys.cloud/devapps/about/account-switcher.
hwang, post:3, topic:25172
Or I need to request what other permissions?
Permissions are documented with each endpoint in API Explorer. To learn more about administering permissions, see the Resource Center article https://help.mypurecloud.com/articles/about-people-permissions/.
hwang, post:3, topic:25172
My Platform API Admin does not have OAuth option. In the tutorial, there have a Admin -> OAuth to setup OAuth login access code. But I don't have OAuth Option in the Admin page.
If you don't have permissions to administer OAuth clients in your org, you will need to work with your org's administrators to get that access or to have them configure what you need for you.
hwang, post:4, topic:25172
I logged in the Genesys via username, password, org, and a Authenticator's code, Am I using SAML2-Bearer Grant for OAuth2 authentication?
That's not something I can tell you. That's something only you know by looking at the configuration of your OAuth client. Its configured type is whatever you (or someone in your org) set it as.
hwang, post:4, topic:25172
Is this a good method to log in with python SDK or other SDK? Should I ask for additional grants?
It depends entirely on your use case. See the link provided above for information on the different grant types and which to use when.
hwang | 2024-03-13 16:51:21 UTC | #7
Thank you Tim for your quick response. I will work with my Administrators and see.
tim.smith | 2024-03-13 17:20:59 UTC | #8
hwang, post:5, topic:25172
MaxRetryError: HTTPSConnectionPool(host='login.usw2.pure.cloud', port=443): Max retries exceeded with url: /oauth/token (Caused by ProtocolError('Connection aborted.', ConnectionResetError(10054, 'An existing connection was forcibly closed by the remote host', None, 10054, None)))
Given your comment about issues with your VPN from your original post and this error, I would recommend contacting your IT team about this to troubleshoot your network. There aren't any ongoing issues (see https://status.mypurecloud.com/), so an inability for a client to establish a connection is almost certainly not a problem on the Genesys Cloud side of the connection. Your IT team may be interested in these articles:
Greg_Walters1 | 2024-03-28 19:15:03 UTC | #9
Hi Tim, I don't know what I need to put for the encodedsamlassertion
apiclient = PureCloudPlatformClientV2.apiclient.ApiClient().getsaml2bearertoken(clientid, client_secret, "companyId", encodedsamlassertion???)
I thought it might be the Base64 encoded user/password from this page How to Use Base 64 Encoding (genesys.cloud)
but that did not work.
Please advise. Thanks, Greg
tim.smith | 2024-03-28 19:40:08 UTC | #10
@Greg_Walters1 the SAML assertion comes from your SAML provider. Details on how you actually get it would be found in your SAML provider's integration documentation.
Greg_Walters1 | 2024-04-03 18:54:50 UTC | #11
We are using Genesys Cloud CX. How do we know who are SAML provider is? Is that something internal. Sorry, I am not a security guy.
tim.smith | 2024-04-03 18:57:21 UTC | #12
Yes, it's something you provide. You can find the documentation for SSO here: https://help.mypurecloud.com/articles/about-single-sign-on-sso/.
If you have additional questions about implementing authorization in your app, please create a new topic with information about your inquiry. Thanks!
tim.smith | 2024-04-03 18:57:26 UTC | #13
This post was migrated from the old Developer Forum.
ref: 25172