Generating an external login URL

  1. Authenticate to the cloud platform via the Python shell.

    The following variables should be available now:

    >>> base_url  # the base URL of the API
'<the data center URL>/api/2'
>>> auth  # the 'Authorization' header value with the access token
{'Authorization': 'Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6ImMwMD...'}
>>> tenant_id  # the UUID of the tenant to which the token provides access
'ede9f834-70b3-476c-83d9-736f9f8c7dae'

  2. Define a variable named ott_data, and then assign the one-time token data to this variable:

    >>> ott_data = {
...     "login": "johncustomer@mysite.com",
...     "purpose": "user_login",
... }

    Name

    Value type

    Required

    Description

    login

    string

    Yes (if external_id and user_id are not specified)

    User account login in the cloud platform.

    purpose

    string

    Yes

    Purpose of the login. The only available option is user_login.

    external_id

    string

    Yes (if login and user_id are not specified)

    External user account UUID (if the user was registered using available identity provider).

    user_id

    UUID string

    Yes (if login and external_id are not specified)

    User account UUID in the cloud platform.

  3. Convert the ott_data object to a JSON text:

    >>> ott_data = json.dumps(ott_data, indent=4)
>>> print(ott_data)
{
    "login": "johncustomer@mysite.com",
    "purpose": "user_login"
}

  4. Send a POST request with the JSON text to the /idp/ott endpoint:

    >>> response = requests.post(
...     f'{base_url}/idp/ott',
...     headers={'Content-Type': 'application/json', **auth},
...     data=ott_data,
... )

  5. Check the status code of the response:

    >>> response.status_code
200

    Status code 200 means that the token has been successfully issued.

    Note

    A different status code means that an error has occurred. For details of the error, see HTTP status response codes and API error codes.

    Also, the response body contains the one-time token, formatted as a JSON text. When converted to an object, it will look like this:

    >>> pprint.pprint(response.json())
{'ott': 'T1RUAQAAAG8-AAAAAAAATxLwKLZ0RMaVZ3GEk4JUMw=='}

    Important

    A one-time token can be used only once and it is valid for 30 seconds after it was generated.

  6. Store the one-time token in a variable:

    >>> ott = response.json()['ott']

  7. URL encode the one-time token:

    >>> from urllib.parse import quote
>>> ott = quote(ott)

  8. Define a variable and store a URL to which the user will be redirected. As an example, the backup console URL will be used:

    >>> target_uri = 'https://mc-beta-cloud.acronis.com/bc/'

  9. The external login URL must lead to the /idp/external-login endpoint and contain ott and targetURI as query string parameters. Form the link using the variables above and open it to log in to the service:

    >>> sso_link = f'{base_url}/idp/external-login#ott={ott}&targetURI={target_uri}'
>>> sso_link
'https://mc-beta-cloud.acronis.com/api/2/idp/external-login#ott=T1RUAQAAAG8-AAAAAAAATxLwKLZ0RMaVZ3GEk4JUMw%3D%3D&targetURI=https://mc-beta-cloud.acronis.com/bc/'