07-06-2020 10:46 AM
I would like to make a request to https://finesse-domain/desktop/sso/token from another domain (not the finesse-domain from the request). I am able to do this from Postman but it results in a CORS issue from the browser. I don't get CORS problems when making other Finesse requests from the browser.
Is there a way to configure CORS to work with /desktop/sso/token?
Is there a way to configure a redirect URL for the /desktop/sso/token request to get the token to a page hosted on my domain?
Is there another way to get a bearer token (and later refresh that token) that can be used in REST requests to Finesse?
Solved! Go to Solution.
07-08-2020 09:22 AM
Hi,
After talking to the Finesse team, they stated that the SSO APIs do not support CORS.
As workaround for now. they suggested to host an html page in 3rdpartygadget location and load them on their webpage which can then make a request to desktop sso apis in same domain.
Thanx,
Denise
07-06-2020 11:19 AM
Hi,
What version of Finesse are you using? CORS is supported, but needs to be turned on for 12.5: https://developer.cisco.com/docs/finesse/#!cors-support-for-finesse-rest-apis
As far as I know, this is the only way to get the bearer token.
Thanx,
Denise
07-06-2020 12:12 PM
07-07-2020 11:50 AM
Hi,
Not that I am aware of. I will reach out to the Finesse team to check.
Thanx,
Denise
07-08-2020 09:22 AM
Hi,
After talking to the Finesse team, they stated that the SSO APIs do not support CORS.
As workaround for now. they suggested to host an html page in 3rdpartygadget location and load them on their webpage which can then make a request to desktop sso apis in same domain.
Thanx,
Denise
07-08-2020 10:06 AM
07-08-2020 10:48 AM
Hi,
Unfortunately I am not an expert in SSO, but if you are able to get the token directly from the Cisco Identity Service, I don't see why there would be a problem. From my understanding, the Finesse SSO APIs are just a wrapper around getting it from the Identity service anyways.
Thanx,
Denise
01-13-2022 01:15 AM
Hello Nick, I am in same situation where I need to directly communicate to IDS with out using JDK. I was able to reverse engineer and get to a point where I could get the auth code. However , unable to find the next set of URL to do a post to get the token. Can you please let me the Http verb, URL and payload you used for token and refresh token ?
01-20-2022 05:24 AM
@Praveen.Vyapaka : sorry to interject with a curveball, I find myself in a similar situation (I have l/p of a user I want to login, and my app is C# and headless). You said you got the auth code. How did you do that?
01-20-2022 09:27 PM
01-25-2022 11:07 AM - edited 01-25-2022 11:17 AM
Sounds promising.
Not sure I'm missing something for the authorization_code though. So I made the first request:
GET https://srvccx12.nxodev.intra:8553/ids/v1/oauth/authorize?client_id=clientId %myclientid%&redirect_uri=https://localhost:8187&response_type=code&state=myapp
%myclientid% is a client I registered on the Cisco Identity service, along with the redirect_uri.
The response I get seems to be the ADFS page. So how do I get the authorization_code from that in programmatic fashion? If I call the url from the browser, then log into the ADFS server, after login, I see the request being made in my browser to the redirect_uri with state and code in the uri:
https://localhost:8187/?state=pmgr&code=%some code here%
I'm assuming the %some code here% is the authorization_code.. but now I got that using a GUI. my app won't be having a GUI. So how did you manage to get the authorization_code programmatically?
If I take the %some code here% from the browser response, and try the POST to
https://srvccx12.nxodev.intra:8553/ids/v1/oauth/access_token
It asks for a lot more parameters than you gave. It wants grant_type (value: authorization_code), client_id (same as for the GET request), code (code returned from GET request), and redirect_uri.. but once all that has been entered, it bitches about invalid_client.
01-26-2022 09:47 AM
To get the auth code , you will need to provide a redirect URl where it posts the auth cod to. You will need to fetch it from there. For the second call to get token, make sure you include a basic auth header and pass the client id as the username, password can be left blank.
01-30-2022 07:51 AM
>>o get the auth code , you will need to provide a redirect URl where it posts the auth cod to.
I'm doing that, my first request does include a redirect URI
GET https://srvccx12.nxodev.intra:8553/ids/v1/oauth/authorize?client_id=clientId %myclientid%&redirect_uri=https://localhost:8187&response_type=code&state=myapp
But, this is a GET. Why would this trigger a POST (by whom? my ADFS) back to my redirect_uri? redirect_uri in my experience (using Open ID connect authentication on Okta, ADFS and AzureAD) is the URI I'm being redirected back to after successfully authenticating (on Okta, ADFS, AzureAD). Yes, the response will contain a code. But this login that's a manual process. I'm not getting any codes automatically.
Any chance you could record a login session on your end, strip out the sensitive bits (e.g. value of auth header) and share so I can see what I'm really missing? I don't get how this is supposed to work (I'm using OpenID connect in my apps and I know how that works.. but something seems to be very different).
04-14-2023 01:29 AM
Hi @stephan.steiner
I am facing the same issue.
Were you able to find any solution?
06-20-2022 02:33 AM
Hi Praveen,
We are kind of stuck with the same problem, We have Web Client and we can't use IDS SDK. We need to authenticate users on the web application.
We now have the IDS URL for Fetch / Refresh Token. However, IDS and Finesse both have different domains and when we try to call the IDS API (from our web client ) or from Finesse (Hosting a page on 3rdparty ) we received the CORS Issue because IDS is on a different server.
How do you have resolved this problem?
Appreciate your response in this regard
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide