SAML Token to JS Api

Herlander_Pires · October 30, 2017, 5:35pm

Hello,

I'm getting an auth token via SAML, and then i want to use that token to access purecloud via JavaScript API.

_client.setAccessToken(<saml token via https://login.mypurecloud.ie/oauth/token>);

The problem is the Access-Control-Allow-Origin error.

Is there any way to have Implicit Grant on Javascript using the SAML2 Bearer token that i get via rest?

Best regards.

Herlander Pires

Daniel_Grosso · October 31, 2017, 12:54pm

Hello Tim.

How are u?

As u probably realized Herlander is working with us in a PureCloud implementation.

We finally managed to get an oauth token using a SAML assertion as described in

https://developer.mypurecloud.com/forum/t/adfs-oauth-saml2-bearer-authentication/1777

We were now trying to use the JS SDK with this token.

As u said on a different post:

The client credentials option is in the JavaScript SDK because the SDK is built for both node.js and browsers. When used in a browser, the client credentials login won't work. When used in node, the implicit grant won't work.

This means that we cannot use the SDK on the browser side with a SAML token? If that's the case, we will need to code the AJAX calls to the REST API, are we right?

Thanks in advance.
Best regards,
Daniel

tim.smith · October 31, 2017, 3:25pm

The implicit grant and SAML 2 Bearer grant are different grant types, so they can't be substituted for one another.

You're probably getting CORS errors because your configured redirect URLs don't include the origin you're making requests from. I'm guessing this is because the server exchanging the SAML assertion for an auth token is not the same server/URL that's making the API requests using the token. Whatever the origin is for where the API requests are being made needs to be added as a redirect URI in the oauth application config.

No, a SAML grant and a client credentials grant are two different grant types and are unrelated.

Daniel_Grosso · October 31, 2017, 5:03pm

Hello Tim.

U were absolutely right on the CORS issue. The URI's weren't correct in the redirect settings.

Once we fixed that, the SDK worked fine.

const platformClient = require('platformClient'); 
var client = platformClient.ApiClient.instance;
client.setEnvironment('mypurecloud.ie');
client.setPersistSettings(true, '');
client.setAccessToken(<SAML TOKEN>);

Meaning, we able to use the SDK with a SAML obtained token afterall. Do u foresee any flaw on this approach?

Thanks again

Regards,
Daniel

tim.smith · October 31, 2017, 5:04pm

No, that's one of the intended use cases for allowing you to provide an existing token to the SDK.

system · December 1, 2017, 5:04pm

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.