Fusion Manage Forum
Welcome to Autodesk’s Fusion Manage (formerly Fusion 360 Manage) Forum. Share your knowledge, ask questions, and explore popular Fusion Manage topics.
Community
Fusion Manage Forum
Welcome to Autodesk’s Fusion Manage (formerly Fusion 360 Manage) Forum. Share your knowledge, ask questions, and explore popular Fusion Manage topics.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

REST Auto-Login from first run

8 REPLIES 8
SOLVED
Back to Fusion Manage Category
Back to Topic Listing
Reply
Message 1 of 9
wangdu
Collaborator
1515 Views, 8 Replies
‎01-09-2014 07:41 AM
‎01-09-2014 07:41 AM

REST Auto-Login from first run

Hi Doug,

 

I have asked you a question couple of weeks ago about creating items. I have another question for you regarding the authentication. As I am in the middle of implementing a powershell extension, I am eager to know if it is possible to log in without having to pop up the dialog box for user login. An example would be that I have a powershell commandlet that takes the username and password as parameter e.g. 

 

PS> Login -ServerName xxxx -UserName xxxxx -Password xxxxx

 I am aware of the Auto-Login feature using the access tokens and token renewal, but, that however could give a problem if my commandlet is lets say scheduled to run in the middle of the night and the renewal token duration (14 days) is expired as well.

 

Could you please have any hints on how I could achieve it?

 

Regards,

Wangdu

Report
0 Likes
Reply
8 REPLIES 8
Message 2 of 9
Redmond.D
Autodesk
in reply to: wangdu
‎01-10-2014 03:45 AM
‎01-10-2014 03:45 AM

If the renewal token is expired then there is nothing you can do to auto-login.  You would have to have a human log in through UI. 

 

We are working to address some of these login difficulties, but I don't have any specifics at the moment.



Doug Redmond
Software Engineer
Autodesk, Inc.

Report
0 Likes
Reply
Message 3 of 9
wangdu
Collaborator
in reply to: wangdu
‎01-13-2014 06:01 AM
‎01-13-2014 06:01 AM

Thank you, Doug.

 

Would you please confirm whether the 2 days would equal 48 hours since the last request OAuth's timestamp? And if it is possible to check the validity of the access tokens by making a regular rest call?

Report
0 Likes
Reply
Message 4 of 9
Redmond.D
Autodesk
in reply to: wangdu
‎01-14-2014 06:24 AM
‎01-14-2014 06:24 AM

Yes, two days means 48 hours since the token was issued.

 

You can see the time left on an access key by making a signed GET request to /OAuth/AccessToken passing in your current token.  Just make sure not to pass in the oauth_session_handle otherwise it will renew your token.  The GET call returns a bunch of information about the token including the oauth_expires_in property, which shows how many seconds are left before the token expires.

 

 



Doug Redmond
Software Engineer
Autodesk, Inc.

Report
0 Likes
Reply
Message 5 of 9
wangdu
Collaborator
in reply to: wangdu
‎01-15-2014 11:47 PM
‎01-15-2014 11:47 PM

Hi,

 

I have tried to make use of signed GET request to /OAuth/AccessToken passing in current access token but it fails and sends back a response with oauth error message (something like absent parameter .. ). I even tried passing in the request token and it still fails with the same error response.

 

Do you have a working request where it succeeds which I can test?

 

By the way, I am using RestSharp library for the OAuth as well, and the static API for OAuth1Authenticator.ForAccessToken doesn't need session handle, it is only possible to pass the session handle to the OAuth1Authenticator.ForAccessTokenRefresh request.

 

Currently, i am checking locally the time passed since the last request and renewing the token it once it exceeds 48 hours.

 

Thanks,

 

Wangdu

Report
0 Likes
Reply
Message 6 of 9
Redmond.D
Autodesk
in reply to: wangdu
‎01-16-2014 01:04 PM
‎01-16-2014 01:04 PM

Does your call to /OAuth/AccessToken contain all the usual oauth headers (nonce, signature, etc...)?

 

For example...

oauth_nonce=d5baf3f6-5c2c-461e-8340-26f885c80640
oauth_version=1.0
oauth_signature_method=HMAC-SHA1
oauth_consumer_key=213f6e53-19fa-4b22-9bfb-5215fbfa7a93
oauth_token=36+dZ74Ig72QxyGtCA8mGJKrCxM=
oauth_timestamp=1375903880
oauth_signature=XK45m8XQE9MLVOz734VDwzbb6Ox

 

Sorry, I don't have any sample code for checking the status of the access token.

 

Personally, I use DotNetOpenAuth, so I don't know much about RestSharp classes.

 

 



Doug Redmond
Software Engineer
Autodesk, Inc.

Report
0 Likes
Reply
Message 7 of 9
wangdu
Collaborator
in reply to: Redmond.D
‎01-17-2014 05:03 AM
‎01-17-2014 05:03 AM

The request contains all the usual headers. (See below)

 

The error response:

 

HTTP/1.1 400 Bad Request
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 3.0
xoauth_problem: parameter_absent
xoauth_parameters_absent: oauth_consumer_key&oauth_token
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
p3p: CP="NON DSP CURa OUR IND UNI"
Content-Length: 157
Vary: Accept-Encoding
Date: Fri, 17 Jan 2014 11:27:24 GMT
Connection: close
xoauth_problem=parameter_absent&xoauth_parameters_absent=oauth_consumer_key&oauth_token&oauth_error_message=Missing+or+empty+Access+Token+required+parameters

 to my request:

GET https://accounts.autodesk.com/OAuth/AccessToken HTTP/1.1
Authorization: OAuth oauth_consumer_key="xxxxxxxx",oauth_nonce="n46c2747m7t7tg8k",oauth_signature="xxxxxxxxx",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1389958044",oauth_token="xxxxxxxxxxxxxxxxxxxxxx",oauth_version="1.0"

 Request was signed using consumer key, consumer secret, current access token, current access token secret

Report
0 Likes
Reply
Message 8 of 9
Redmond.D
Autodesk
in reply to: wangdu
‎01-17-2014 09:33 AM
‎01-17-2014 09:33 AM

I tried this out and am getting the same result.  Maybe I mistread the documentation and there is not any support for getting the status of an existing AccessToken.  I'll let you know if I find anything.

 

Regardless, I think the best approach is to record the timestap of when the AccessToken was issued.  Instead of hard-coding 48 hours, you can read the oauth_expires_in that comes back from when the token was issued.  That way your code is still valid if the time range changes.  The oauth_expires_in value is in seconds.



Doug Redmond
Software Engineer
Autodesk, Inc.

Report
0 Likes
Reply
Message 9 of 9
wangdu
Collaborator
in reply to: wangdu
‎01-20-2014 12:48 AM
‎01-20-2014 12:48 AM

thanks, I will make use of the oauth_expires_in of the issued token instead of hard coding 48 hours. This along with access token status would be great to handle the auto renewal of the token. Hope to hear about it.

 

Wangdu

Report
0 Likes
Reply
Reply

Can't find what you're looking for? Ask the community or share your knowledge.

Post to forums  

Autodesk Design & Make Report

Report a website issue