Then there is another behavior that I need to clarify (as to if it is a bug, or works as intended).
I can get a login ticket for a user by scheduling a meeting for them (and I can set schedulingPermission as an admin), then calling GethosturlMeeting on that meeting. It will give me the login url with ticket for the host, not the calling user (and it is described as such in the API documentation). That behavior is very useful, but it seems weird that you can't get a login ticket otherwise as an admin - so I want to clarify as to if that is a security flaw that will be patched, or works as intended - because right now I depend on that behavior.
Basically we have a setup like this:
LMS integration with WebEx.
Users may be created in WebEx, in which case the user knows their password.
Users may be created by the LMS integration, with a random password - the user doesn't know their password (but later on they could reset it).
We are trying to avoid storing any passwords (except admin) in the DB.
We use the admin user to create meetings with the user set as the hostWebExID.
We would like the user to be able to click "host meeting" and be automatically logged in, regardless of the users password. That is how GethosturlMeeting works at this time.
We would like to let users login to WebEx by clicking a link, without knowing their password (the authentication is being provided by the LMS). That doesn't seem to be possible at this time - except by hosting a meeting.
Thanks
