Getting User Information After SSO Authentication (UDS API With SSO Token)

ilyageller · ‎09-03-2020

Hello,

I'm building a 3rd party app that utilizes the CUCM SSO process so that users can change their information and settings using UDS API, in a similar way to the Self Care Portal.

The authentication process works just fine, as in, I redirect the user to the /sso/oauth/authorize page, then they perform authentication on the IdP page, and I get a valid access token to a callback, just like the the guide specified in the following page .

Now I have ran into a problem:

Since the authentication is performed on the IdP page, and not on mine, I don't have access to the user_id of the user that just logged in. I only have an access token that is used in API requests to validate the request.

Now, to use the UDS API, I need to send requests to

/cucm-uds/user/{userid}

but as I mentioned, I don't have the {userid} to add to the link, and I have no idea how to get it programatically.

Note: In testing, when I manually add the {userid} in the url (because I know the user I'm testing with), and add the access token, the request succeeds and everything works.

I just need to know how to get the {userid} in the process, or after getting the SSO access token.

Unfortunately the guides don't elaborate on this step, and the only example app provided (here ) requires manually entering the username AND the access token to construct the API request.

I know that getting the user id is possible because the CCM Admin page and the Self Care Portal both automatically display your username once you are logged in but I can't get how they do that.

I inspected the network requests of the Self Care Portal in the log in process and found a request to:

/ucmuser/loggedInUser

This is apparently an internal self care portal API that just returns magically the user id of the logged in user. But how do they get it?? There is also absolutely no documentation on this topic.

I'm desparate for help and will appreciate any hints/guidance.

Thank you and sorry for the long post!

dstaudt · ‎09-03-2020

I can't find a mechanism within UDS itself to retrieve the ID if you don't have it already (i.e. by asking the user interactively.)
I suspect this is a minor(?) design oversight carried over from the addition of SSO support.

You can probably continue to use the /ucmuser/loggedInUser workaround indefinitely with some confidence.

ilyageller · ‎09-04-2020

Hi thanks for the reply.

I cannot use /ucmuser/loggedInUser from my app because of cross-origin issues, this url has to be called from within the self care portal window, unless you can tell me how to get around that.

Is there any way to find out how exactly /ucmuser/loggedInUser retrieves the username? ( I guess not since its not open-sourced).

As for asking the user for the username interactively, this might work, but i'd prefer to make the process automatic without unnecessary user input.

dstaudt · ‎09-04-2020

I guess the workaround would be to have the client send the access code to the server side (unless yours is a pure SPA..?), where you could make the /ucmusers/loggedInUser request without CORS worries...

I've made some inquiries with the UDS team to see if they have any suggestions, and to capture an enhancement request to add a /cucm-uds/users/me resource.