Re: [cisco-voip] Azure to Webex User Provisioning and Tokens
The following may be a possibility to programmatically update the SecretToken:

https://stackoverflow.com/questions/54484428/how-to-update-secret-token-property-in-azure-ad-synchronization-api

Basically an HTTP PUT, so just a matter of figuring out the authentication to the Azure API & getting the GUID of the servicePrincipal, and it should just be a few lines of Python etc.

Stephen

On 7 Aug 2019, at 21:35, Anthony Holloway wrote:

> Ok, so it's a one-liner to pull an OAuth token from my webex account for an integration which doesn't exist (or at least, it doesn't require me to create one first, nor does it create one for me). Since there is nothing to look at, after the link is processed, it almost seems like a better idea to create the integration on https://developer.webex.com/my-apps, obtain the token, so that I have something to look at/reference later for this integration.
>
> Also, if I'm not mistaken, since Azure is not going to ask for a refresh token then, this will forever be a task that we manually perform every year, right? Perhaps someone will get fancy and write middleware to refresh the token and push it into Azure, but I'm not even sure if Azure exposes an API to update that field.
Re: [cisco-voip] Azure to Webex User Provisioning and Tokens
Ok, so it's a one-liner to pull an OAuth token from my webex account for an integration which doesn't exist (or at least, it doesn't require me to create one first, nor does it create one for me). Since there is nothing to look at, after the link is processed, it almost seems like a better idea to create the integration on https://developer.webex.com/my-apps, obtain the token, so that I have something to look at/reference later for this integration.

Also, if I'm not mistaken, since Azure is not going to ask for a refresh token then, this will forever be a task that we manually perform every year, right? Perhaps someone will get fancy and write middleware to refresh the token and push it into Azure, but I'm not even sure if Azure exposes an API to update that field.

On Wed, Aug 7, 2019 at 12:05 PM Ryan Ratliff (rratliff) wrote:

> The URL is just a shortcut way to get an OAuth token for the integration.
>
> You can easily do the same thing via the API if you had to.
>
> Look at the URL itself:
> https://idbroker.webex.com/idb/oauth2/v1/authorize
>
> Here are the parameters for the GET request (leaving the %-encoded characters because I’m lazy):
> response_type=token
> client_id=
> redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fauth%2Fcode
> scope=spark%3Apeople_read%20spark%3Apeople_write%20Identity%3ASCIM
> state=this-should-be-a-random-string-for-security-purpose
>
> You can see the definitions of the parameters at https://developer.webex.com/docs/integrations.
>
> A given integration can have only one OAuth token at a time, so if you regenerate your token by logging into that URL then it will invalidate any previous ones.
> The web page isn’t going away, it’s just the URL the OAuth generation redirected you to when it generated your token, which happens to include your token.
> It’s non-developer speak for “don’t close your browser until you copy that token”, and worst case, generate a new one.
>
> Ryan Ratliff
> Manager, Cisco Cloud Collaboration TAC
> Standard Business Hours: 8:00AM-5:00PM EDT
> Email: rratl...@cisco.com
> Office: +1 919-476-2081
> Mobile: +1-919-225-0448
> Cisco U.S. Contact Numbers: +1-800-553-2447 or +1-408-526-7209

___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] Azure to Webex User Provisioning and Tokens
You mean like, “what’s this big red button do?”

---
Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354 | le...@uoguelph.ca
www.uoguelph.ca/ccs | @UofGCCS on Instagram, Twitter and Facebook

From: cisco-voip On Behalf Of Anthony Holloway
Sent: Wednesday, August 7, 2019 12:30 PM
To: Cisco VoIP Group
Subject: Re: [cisco-voip] Azure to Webex User Provisioning and Tokens

I should have also mentioned, every time I access the URL in step 6, I get a different Secret Token. It would be good to know if this action is invalidating the previous tokens, or if they're all active for 365 days. Since we cannot stop Admins from accessing that URL, I'd hope it's the latter, but I fear it's the former. All it would take is one curious Admin to click on the link in the document, and inadvertently break the integration.
Re: [cisco-voip] Azure to Webex User Provisioning and Tokens
The URL is just a shortcut way to get an OAuth token for the integration.

You can easily do the same thing via the API if you had to.

Look at the URL itself:
https://idbroker.webex.com/idb/oauth2/v1/authorize

Here are the parameters for the GET request (leaving the %-encoded characters because I’m lazy):
response_type=token
client_id=
redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fauth%2Fcode
scope=spark%3Apeople_read%20spark%3Apeople_write%20Identity%3ASCIM
state=this-should-be-a-random-string-for-security-purpose

You can see the definitions of the parameters at https://developer.webex.com/docs/integrations.

A given integration can have only one OAuth token at a time, so if you regenerate your token by logging into that URL then it will invalidate any previous ones.
The web page isn’t going away, it’s just the URL the OAuth generation redirected you to when it generated your token, which happens to include your token.
It’s non-developer speak for “don’t close your browser until you copy that token”, and worst case, generate a new one.

Ryan Ratliff
Manager, Cisco Cloud Collaboration TAC
Standard Business Hours: 8:00AM-5:00PM EDT
Email: rratl...@cisco.com
Office: +1 919-476-2081
Mobile: +1-919-225-0448
Cisco U.S. Contact Numbers: +1-800-553-2447 or +1-408-526-7209

From: cisco-voip on behalf of Anthony Holloway
Date: Wednesday, August 7, 2019 at 12:32 PM
To: Matthew Loraditch
Cc: cisco-voip list
Subject: Re: [cisco-voip] Azure to Webex User Provisioning and Tokens

Thank you for that confirmation.

It's concerning to me that the note below the URL says:

"We recommend that you paste this value into a text file and save it, so that you have a record of the token in case the URL is not available any more."

Considering the token expires every 365 days. I sure hope the URL is available in the future.
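The request and redirect described in the message above, as an added example that is not part of the original thread and not Cisco's code: it builds the authorize URL with a random state, then parses the redirect URL, checks state and turns expires_in into an expiry date. The sample redirect, the placeholder token, the assumption that the values arrive in the URL fragment, and the 14-day renewal margin are all constructed for illustration.

```python
import secrets
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, quote, urlencode, urlsplit

# Endpoint, redirect URI and scopes are the ones quoted in the thread.
AUTHORIZE_URL = "https://idbroker.webex.com/idb/oauth2/v1/authorize"
REDIRECT_URI = "http://localhost:3000/auth/code"
SCOPE = "spark:people_read spark:people_write Identity:SCIM"

# Constructed sample of the URL the browser lands on (not a real token).
SAMPLE_STATE = "constructed-state-value"
SAMPLE_REDIRECT = (
    "http://localhost:3000/auth/code#access_token=CONSTRUCTED-TOKEN"
    "&token_type=Bearer&expires_in=31535999&state=" + SAMPLE_STATE
)


def build_authorize_url(client_id, state=None):
    """Return (url, state); state is random so the response can be matched."""
    state = state or secrets.token_urlsafe(32)
    params = {"response_type": "token", "client_id": client_id,
              "redirect_uri": REDIRECT_URI, "scope": SCOPE, "state": state}
    # quote_via=quote gives %20 for spaces, as in the thread, instead of "+".
    return AUTHORIZE_URL + "?" + urlencode(params, quote_via=quote), state


def parse_redirect(redirect_url, expected_state, issued_at, renew_margin_days=14):
    """Pull the token out of the redirect URL and work out when it expires."""
    parts = urlsplit(redirect_url)
    # Assumed layout: values in the fragment; a query string is accepted too.
    fields = parse_qs(parts.fragment or parts.query)
    if any(len(values) != 1 for values in fields.values()):
        raise ValueError("repeated parameter in redirect URL")
    fields = {key: values[0] for key, values in fields.items()}
    if "error" in fields:
        raise ValueError("authorization failed: " + fields["error"])
    missing = {"access_token", "expires_in", "state"} - fields.keys()
    if missing:
        raise ValueError("redirect URL lacks " + ", ".join(sorted(missing)))
    if not secrets.compare_digest(fields["state"].encode(), expected_state.encode()):
        raise ValueError("state mismatch: response is not for this request")
    lifetime = timedelta(seconds=int(fields["expires_in"]))
    expires_at = issued_at + lifetime
    return {
        "access_token": fields["access_token"],
        "lifetime_days": round(lifetime.total_seconds() / 86400, 2),
        "expires_at": expires_at,
        "renew_by": expires_at - timedelta(days=renew_margin_days),
    }


if __name__ == "__main__":
    issued = datetime(2019, 8, 7, 17, 18, tzinfo=timezone.utc)  # constructed
    info = parse_redirect(SAMPLE_REDIRECT, SAMPLE_STATE, issued)
    # The token itself is deliberately not printed.
    print(info["lifetime_days"], info["expires_at"], info["renew_by"])
```

Record expires_at and renew_by alongside the integration rather than the redirect URL itself, since that URL contains the token.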
Re: [cisco-voip] Azure to Webex User Provisioning and Tokens
Thank you for that confirmation.

It's concerning to me that the note below the URL says:

"We recommend that you paste this value into a text file and save it, so that you have a record of the token in case the URL is not available any more."

Considering the token expires every 365 days. I sure hope the URL is available in the future.

On Wed, Aug 7, 2019 at 11:26 AM Matthew Loraditch <mloradi...@heliontechnologies.com> wrote:

> FWIW the Cisco documents say the same thing:
> https://help.webex.com/en-us/aumpbz/Synchronize-Azure-Active-Directory-Users-into-Cisco-Webex-Control-Hub
>
> Matthew Loraditch
> Sr. Network Engineer
> p: 443.541.1518
> w: www.heliontechnologies.com | e: mloradi...@heliontechnologies.com
Re: [cisco-voip] Azure to Webex User Provisioning and Tokens
I should have also mentioned, every time I access the URL in step 6, I get a different Secret Token. It would be good to know if this action is invalidating the previous tokens, or if they're all active for 365 days. Since we cannot stop Admins from accessing that URL, I'd hope it's the latter, but I fear it's the former. All it would take is one curious Admin to click on the link in the document, and inadvertently break the integration.

On Wed, Aug 7, 2019 at 11:17 AM Anthony Holloway <avholloway+cisco-v...@gmail.com> wrote:

> I'm using the following link:
>
> https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/cisco-webex-provisioning-tutorial
>
> And in step 6 it describes how to obtain the secret token from Cisco, to input into Azure.
>
> It notes that the token is valid for 365 days, however, in my testing it's looking like it might be 30 days.
>
> The resulting URL from step 6 has a URI parameter of:
>
> expires_in=31535999
>
> Which if you treat it as seconds, then it's 365 days, so the URL seems to match the document.
>
> I'm wondering if there is anyone with experience on this topic, before I put some serious time in with TAC.
>
> Thanks much!
Re: [cisco-voip] Azure to Webex User Provisioning and Tokens
FWIW the Cisco documents say the same thing:
https://help.webex.com/en-us/aumpbz/Synchronize-Azure-Active-Directory-Users-into-Cisco-Webex-Control-Hub

Matthew Loraditch
Sr. Network Engineer
p: 443.541.1518
w: www.heliontechnologies.com | e: mloradi...@heliontechnologies.com

From: cisco-voip On Behalf Of Anthony Holloway
Sent: Wednesday, August 7, 2019 12:18 PM
To: Cisco VoIP Group
Subject: [cisco-voip] Azure to Webex User Provisioning and Tokens

I'm using the following link:

https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/cisco-webex-provisioning-tutorial

And in step 6 it describes how to obtain the secret token from Cisco, to input into Azure.

It notes that the token is valid for 365 days, however, in my testing it's looking like it might be 30 days.

The resulting URL from step 6 has a URI parameter of:

expires_in=31535999

Which if you treat it as seconds, then it's 365 days, so the URL seems to match the document.

I'm wondering if there is anyone with experience on this topic, before I put some serious time in with TAC.

Thanks much!
[cisco-voip] Azure to Webex User Provisioning and Tokens
I'm using the following link:

https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/cisco-webex-provisioning-tutorial

And in step 6 it describes how to obtain the secret token from Cisco, to input into Azure.

It notes that the token is valid for 365 days, however, in my testing it's looking like it might be 30 days.

The resulting URL from step 6 has a URI parameter of:

expires_in=31535999

Which if you treat it as seconds, then it's 365 days, so the URL seems to match the document.

I'm wondering if there is anyone with experience on this topic, before I put some serious time in with TAC.

Thanks much!