Re: UCCX 12.5 3rd party gadget No longer accepting auth after SU2 upgr

pmayer00111 · ‎09-28-2022

We recently upgraded our UCCX environment from 12.5.1 SU1 to SU2 ES3. Since this upgrade, one of our 3rd party gadgets has ceased authenticating correctly. I opened a TAC case for this issue and was directed to the devnet community here.
The code snippet used for authorization is here:

getTeams = function()
{
// Make REST call
_clientLogs.log("getTeams called (with config info) ");
var config = finesse.gadget.Config;
var _ipTeam = "http://" + config.host + ":8082";
var url = _ipTeam + "/finesse/api/Teams?guid=" + generateUUID();
_clientLogs.log("url: " + url);
try
{
var params = {};
params[gadgets.io.RequestParameters.METHOD] = gadgets.io.MethodType.GET;
params[gadgets.io.RequestParameters.HEADERS] = {};
params[gadgets.io.RequestParameters.HEADERS]["Authorization"] = _token;
gadgets.io.makeRequest(encodeURI(url), getTeamsHandler,params);
}
catch(err)
{
_clientLogs.log("**getTeams() error: " + err);
_teamsLoaded = true;
}
}

The "_token" variable contains "Basic [base64 encoded username:password]".
Previous to the upgrade this gadget was working without issue. After the upgrade, browser console logs show that the gadget is trying to use the base64 encoded credentials for the logged in agent instead of the credentials configured in the gadget.js code.

Were there any changes in SU2 that would affect how the 3rd party gadget uses the authorization header?

dhiarumu · ‎09-29-2022

Hi

Apparently there is nothing changed on this area. I was trying to use this sample gadget by just replacing the line 381 of the sample js file.

https://github.com/CiscoDevNet/finesse-sample-code/blob/master/UpdateCallVariableDataSampleGadget/UpdateCallVariableDataSampleGadget-Finesse-11.0.1-v1.0.zip

var config = finesse.gadget.Config;
config.authorization = "asdfasdF";

And, I could see the gadget.io.makeRequest is using the new authorization than the default one and fails with 401 as expected.

But, just curious to know, why do you want to use the custom auth header, by default finesse sets auth header based on the type of the agent (for SSO bearer and for Non-SSO agent Basic) dynamically.

pmayer00111 · ‎10-03-2022

Hello, dhiarumu.

I appreciate the reply. This code is used in a 3rd party gadget that was coded for us by an outsourced vendor a number of years ago. It was working up until the SU2 upgrade. Now I am in the difficult situation of trying to understand the gadget code and fix it as the vendor we used is no longer an option.

The intent of the gadget is to pull agent status across all the team in our Contact Center. However, since the logging in agent is only a supervisor of a single team using the agent credentials would only show status for the team over which they are a supervisor. So the gadget uses hard-coded credentials placed in the auth header for a service account that has the "Reporting User" role, rather than giving the "Reporting User" role to all the managers that use the gadget.

I will try changing the authorization method to the sample gadget's method and report back.

Thank you.
-Patrick Mayer

jozefnad · ‎09-29-2022

Just use something like this:

"Authorization" : finesse.utilities.Utilities.getAuthHeaderString(finesse.gadget.Config)

UCCX 12.5 3rd party gadget No longer accepting auth after SU2 upgrade.