3

I'm building a 3rd party app to authenticate with Contact Center Express. The documentation is necessary, but insufficient to accomplish this. For example,

https://developer.cisco.com/docs/contact-center-express/#!cisco-identity-service-client-sdk-guide/during-agent-login

// Get Access Token for the received Authorization Code
String redirectURI = config.getRedirectUri();
AccessToken token = client.getAccessToken(authCode, redirectURI);

When and where do you redirect the user to Contact Center to authenticate? I observed that Finesse will redirect the user to

https://contactcenter.example.com:8553/ids/v1/oauth/authorize?redirect_uri=https%3A%2F%2Ffinesse.example.com%3A443%2Fdesktop%2Fsso%2Fauthcode&client_id=8a75xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx&state=aHR0cHM6Ly92bS1mLWZpbi1hLmRldi5pbi5zcGluc2NpLmNvbS9kZXNrdG9wL2pfaWRlbnRpdHlfY2hlY2s%2FZXJyb3I9dHJ1ZQlhcHBsb2dpbg%3D%3D&response_type=code

But where is it specified to use the identity service (IDS) path /ids/v1/oauth/authorize? And is state a required parameter? And does the IDS SDK handle the callback path /desktop/sso/authcode? I imagine that it doesn't but what are the parameters that will be sent to it? I'm using Spring framework.

Am I to reverse engineer the whole process, or is there additional documentation that I am missing?

Even after I receive an OAuth token, how would I use it to make other REST calls to other Cisco products? The Finesse REST APIs only mention HTTP basic authentication. There is no mention of headers for "Authorization: Bearer" tokens.

https://developer.cisco.com/docs/finesse/#!sign-in-to-finesse/sign-in-to-finesse

Chloe
  • 25,162
  • 40
  • 190
  • 357
  • I currently don't have any UCCX setup to test it, but as per documentation it looks like the rest API only supports basic authentication, adding the header `Authorization: username:password` encoded in base64. If it supports OAuth (which I'm not sure), you can try with the `Authorization: Bearer ` – Alex Roig Aug 23 '18 at 17:50
  • @AlexRoig OK I tried accessing user info from Finesse with a bearer token, but I got an XML error message (which is more than I usually get): `The user specified in the authentication credentials and the uri don't match`. – Chloe Aug 23 '18 at 23:43

1 Answers1

3

I had to reverse engineer it following all the redirects.

@Controller
public class SSOController {

    @Autowired
    private IdSClientConfigurationImpl config;

    @Autowired 
    private IdSClient client;

    @PostMapping("/login")
    public String login(@RequestParam(name="user", required=true) String user) {
        // redirect the user to the Cisco Contact Center Express Identity Service
        String redirectURI = config.getRedirectUri();
        String clientId = config.getClientId();

        URI uri = UriComponentsBuilder
                .fromUriString("https://contact-center-express:8553/ids/v1/oauth/authorize")
                .queryParam("redirect_uri", "{redirect_uri}")
                .queryParam("client_id", "{client_id}")
//              .queryParam("state", "{state}") // base64 encoded
                .queryParam("response_type", "code")
                .build(redirectURI, clientId);
        return "redirect:"+uri.toString();
    }

    @GetMapping("/idscallback")
    public String idscallback(
            @RequestParam(name="code", required=true) String code, 
            @RequestParam(name="state", required=false) String state,
            HttpSession session) throws IdSClientException {

        // Get Access Token for the received Authorization Code
        String redirectURI = config.getRedirectUri();
        AccessToken token = client.getAccessToken(code, redirectURI); // why do I need redirectURI when it's already redirected?
        String accessTokenString = token.getAccess_token();
        session.setAttribute("token", accessTokenString);
//      model.addAttribute("token", accessTokenString);     
        return "redirect:/";
    }

And in a bean far, far away...

    @Bean
    public IdSClientConfigurationImpl config() throws IOException, IdSClientException {
        ClassPathResource idsclientResource = new ClassPathResource("idsclient.properties");
        IdSClientConfigurationImpl config = new IdSClientConfigurationImpl(idsclientResource.getFile().getPath());
//      IdSClientConfigurationImpl config = new IdSClientConfigurationImpl("src/main/resources/idsclient.properties");
        config.load();
        return config;
    }

    @Bean
    public IdSClient setupIdsClient() throws IOException, IdSClientException {
        IdSClient client = IdSClientFactory.getIdSClient();
        client.setTLSContext(createSSLTrustManager(), createHostnameVerifier());
//      client.setTLSContext(arg0, arg1) // use secure trust manager and hostname verifier in production
        client.init(config);
        return client;
    }

    private X509TrustManager createSSLTrustManager() {
        X509TrustManager tm = new TrustAllX509TrustManager();
        return tm;  
    }

    private HostnameVerifier createHostnameVerifier() {
        HostnameVerifier hv = new SkipAllHostNameVerifier();
        return hv;
    }
Chloe
  • 25,162
  • 40
  • 190
  • 357