Authenticating API with SSO

  • 1
  • Question
  • Updated 2 days ago
I am trying to make a C# console app (using the .NET SDK provided you) to automatically upload some data to ShareFile quarterly. My company uses SSO to login to ShareFile, and I am having trouble getting the API Authentication to work.

From what I can tell by reading other threads, it would appear that since we are using SSO on an organizational level, that there is no way to avoid the user having to enter data into a login form?

Is this correct? The goal of this console application is to run at night with no user input at all.

Would love any direction you could give me

Thanks

PS. Id be more than happy to provide my client_id, etc in a private email with support staff if that would help
Photo of Aaron

Aaron

  • 2 Posts
  • 0 Reply Likes

Posted 1 week ago

  • 1
Photo of Simon Fairey

Simon Fairey

  • 6 Posts
  • 0 Reply Likes
Hi,

Not sure if it helps but when we setup access from a web app once a user has manually logged in you can store the OAuth token and then when it expires just refresh it. So after the initial manual login the process should be able to run unattended.

Not sure if SSO throws a spanner in the works though. I can post some code if it'll help?

Si
(Edited)
Photo of Aaron

Aaron

  • 2 Posts
  • 0 Reply Likes
thanks for the reply! not sure if SSO will stop it, but Ill try any code you feel like posting :)
Photo of Simon Fairey

Simon Fairey

  • 6 Posts
  • 0 Reply Likes
Hi,

Actually I need to think about this and just about to head out so will post some code tomorrow but the issue is we use a redirect back to our website (you need this redirect for the OAuth to work) then once we have the OAuth JSON data we store that in a DB and then console based apps can use it. Not sure whether you can create a small webapp just to handle the initial authorisation to get the JSON token?

Si
PS: Not sure if you can use curl to get the JSON token, well I know you can, but not sure if that gives you the refresh token, can't remember off the top of my head!
(Edited)
Photo of Simon Fairey

Simon Fairey

  • 6 Posts
  • 0 Reply Likes
So currently we use a web based OAuth mechanic but I think for you you'd want to use this part from the SDK:

Password Authentication: Requires the consumer perform ShareFile account discovery, which is not currently documented. In order to complete this authentication the consumer will must know usernamepasswordsubdomain, and applicationControlPlane. In the sample below, these are assumed to have been obtained already.

  var sfClient = new ShareFileClient("https://secure.sf-api.com/sf/v3/");
  var oauthService = new OAuthService(sfClient, "[clientid]", "[clientSecret]");

  var oauthToken = await oauthService.PasswordGrantAsync(username,
    password, subdomain, applicationControlPlane);

  sfClient.AddOAuthCredentials(oauthToken); 
  sfClient.BaseUri = oauthToken.GetUri();

If you have a user in ShareFile whose credentials you can use to connect then you can create an OAuth key - https://api.sharefile.com/rest/oauth2-request.aspx and then use the aforementioned user to upload the files.

If this isn't doable because you don't have said user and SSO prevents this then you could go down the approach of creating a small web app with a single page that uses the web based authorisation pop up then stores the OAuth token as JSON somewhere central. 

The console app can then use that by converting the JSON into a valid token and it can silently refresh the token if it expires so you'd only need to run the web app once or again if the user you use revokes the OAuth permissions.

I can potentially help you with this (web app approach) if you get stuck but as my delayed response implies I'm rather busy currently!
(Edited)