Generating an external login URL

  1. Authenticate to the cloud platform via the Python shell.

    The following variables should be available now:

    >>> base_url  # the base URL of the API
    '<the data center URL>/api/2'
    >>> auth  # the 'Authorization' header value with the access token
    {'Authorization': 'Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6ImMwMD...'}
    >>> tenant_id  # the UUID of the tenant to which the token provides access
    'ede9f834-70b3-476c-83d9-736f9f8c7dae'
    
  2. Define a variable named ott_data, and then assign the one-time token data to this variable:

    >>> ott_data = {
    ...     "login": "johncustomer@mysite.com",
    ...     "purpose": "user_login",
    ... }
    

    Name

    Value type

    Required

    Description

    login

    string

    Yes (if external_id and user_id are not specified)

    User account login in the cloud platform.

    purpose

    string

    Yes

    Purpose of the login. The only available option is user_login.

    external_id

    string

    Yes (if login and user_id are not specified)

    External user account UUID (if the user was registered using available identity provider).

    user_id

    UUID string

    Yes (if login and external_id are not specified)

    User account UUID in the cloud platform.

  3. Convert the ott_data object to a JSON text:

    >>> ott_data = json.dumps(ott_data, indent=4)
    >>> print(ott_data)
    {
        "login": "johncustomer@mysite.com",
        "purpose": "user_login"
    }
    
  4. Send a POST request with the JSON text to the /idp/ott endpoint:

    >>> response = requests.post(
    ...     f'{base_url}/idp/ott',
    ...     headers={'Content-Type': 'application/json', **auth},
    ...     data=ott_data,
    ... )
    
  5. Check the status code of the response:

    >>> response.status_code
    200
    

    Status code 200 means that the token has been successfully issued.

    Note

    A different status code means that an error has occurred. For details of the error, see HTTP status response codes and API error codes.

    Also, the response body contains the one-time token, formatted as a JSON text. When converted to an object, it will look like this:

    >>> pprint.pprint(response.json())
    {'ott': 'T1RUAQAAAG8-AAAAAAAATxLwKLZ0RMaVZ3GEk4JUMw=='}
    

    Important

    A one-time token can be used only once and it is valid for 30 seconds after it was generated.

  6. Store the one-time token in a variable:

    >>> ott = response.json()['ott']
    
  7. URL encode the one-time token:

    >>> from urllib.parse import quote
    >>> ott = quote(ott)
    
  8. Define a variable and store a URL to which the user will be redirected. As an example, the backup console URL will be used:

    >>> target_uri = 'https://mc-beta-cloud.acronis.com/bc/'
    
  9. The external login URL must lead to the /idp/external-login endpoint and contain ott and targetURI as query string parameters. Form the link using the variables above and open it to log in to the service:

    >>> sso_link = f'{base_url}/idp/external-login#ott={ott}&targetURI={target_uri}'
    >>> sso_link
    'https://mc-beta-cloud.acronis.com/api/2/idp/external-login#ott=T1RUAQAAAG8-AAAAAAAATxLwKLZ0RMaVZ3GEk4JUMw%3D%3D&targetURI=https://mc-beta-cloud.acronis.com/bc/'