I am writing an automation which will automate all manual tasks like creation of user from particular customer, adding pagerduty from specific customer etc. One of the requirement is that this automation should authenticate and authorize the user who is running this automation. This is how my automation will run.
/usr/bin/python automation.py –operation useradd –customername customer1 –userdata ‘anuj:mailto:anujk@vmware.com’ –username anujk –password ‘password’
What have I done so far:
- Created one small flask web application. Logged in site24x7 api console and create web client as application. Provided name, callback url etc. It gave me client ID and secret
- Open web app in browser and click on authorize hyperlink. This will give access token.
Step2 is manual activity and I don’t want to use selenium because automation user may not have selenium python package installed. Therefore, I want to avoid step 2.
Automation should work as follow.
- Automation should take credential as input
- It should make a curl call which should yield access token
I want to achieve step2.
any help will be much appreciated.
Hi Anuj,
The main reason for using OAuth is to avoid sharing account credential with any third-party application. So each user need to manually approve your application via Zoho Accounts, our SSO service, at least once so that you can make api call in their name. You have to store the refresh token that you have received in your web application for reusing.
If the users are going to run the automation via terminal individually, they can hard code or pass the refresh token as an argument to the script.
Thillai.
Hi Thillai,
This idea helped me. So here is how i am trying to make it.
1- user will allow web app to access site24x7. This will generate a refresh token. Backend logic will collect refresh token and UserID/username/ and store in DB.
2- when user will run automation web app's backend will get userid/username ==> do a lookup in DB ==> find refresh token ==> generate access token using refresh token.
I am facing issue while getting userID/username. Can you please help me on this.
My application is Flask application. I am getting below details but not userID
print request.args
ImmutableMultiDict([('state', u'14fac8d9-c848-464d-a5ca-684141333225'), ('code', u'1000.29562ed10bf27738a81d222aaf1c2703.2f844f1b6128485d220c40af8225de56'), ('location', u'us'), ('accounts-server', u'accounts.zoho.com')])
Hi Anuj,
Seems some of the code got lost in formatting. Can you share again?
Thillai.
Hi Thillai,
As you said, New user will hit web app url in browser, click on "Allow access" and then web app will generate refresh token. I am able to to this. Now, I am trying to achieve in linux machine which is having only cli. No browser. Do you have any code snippet to achieve this thru python script?
Hi Anuj,
Do you want to generate refresh token via python or to make api call with the already generated refresh token?
If you have registered your Client as "Web based", then you can use it to generate refresh token only via web application. You can check whether "Non-browser Mobile Application" client option is useful.
https://www.zoho.com/accounts/protocol/oauth/limited-input-devices.html
Instead of the app loading the url in a browser, it will show an verification URL and code to the user, which the user has to load in browser and approve.