[cisco-voip] Azure to Webex User Provisioning and Tokens

Ryan Ratliff (rratliff) rratliff at cisco.com
Wed Aug 7 13:05:02 EDT 2019 

The URL is just a shortcut way to get an OAuth token for the integration.

You can easily do the same thing via the API if you had to.

Look at the URL itself:
https://idbroker.webex.com/idb/oauth2/v1/authorize

Here are the parameters for the GET request (leaving the %-encoded characters because I’m lazy):
response_type=token
client_id=<some text>
redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fauth%2Fcode
scope=spark%3Apeople_read%20spark%3Apeople_write%20Identity%3ASCIM
state=this-should-be-a-random-string-for-security-purpose

You can see the definitions of the parameters at https://developer.webex.com/docs/integrations.

A given integration can have only one OAuth token at a time, so if you regenerate your token by logging into that URL then it will invalidate any previous ones.
The web page isn’t going away, it’s just the URL the OAuth generation redirected you to when it generated your token, which happens to include your token.
It’s non-developer speak for “don’t close your browser until you copy that token”, and worst case, generate a new one.

Ryan Ratliff
Manager, Cisco Cloud Collaboration TAC
Standard Business Hours: 8:00AM-5:00PM EDT
Email: rratliff at cisco.com
Office: +1 919-476-2081
Mobile: +1-919-225-0448
Cisco U.S. Contact Numbers: +1-800-553-2447 or +1-408-526-7209

From: cisco-voip <cisco-voip-bounces at puck.nether.net> on behalf of Anthony Holloway <avholloway+cisco-voip at gmail.com>
Date: Wednesday, August 7, 2019 at 12:32 PM
To: Matthew Loraditch <MLoraditch at heliontechnologies.com>
Cc: cisco-voip list <cisco-voip at puck.nether.net>
Subject: Re: [cisco-voip] Azure to Webex User Provisioning and Tokens

Thank you for that confirmation.

It's concerning to me that the note below the URL says:

"We recommend that you paste this value into a text file and save it, so that you have a record of the token in case the URL is not available any more."

Considering the token expires every 365 days.  I sure hope the URL is available in the future.

On Wed, Aug 7, 2019 at 11:26 AM Matthew Loraditch <MLoraditch at heliontechnologies.com<mailto:MLoraditch at heliontechnologies.com>> wrote:
FWIW the Cisco documents say the same thing: https://help.webex.com/en-us/aumpbz/Synchronize-Azure-Active-Directory-Users-into-Cisco-Webex-Control-Hub



Matthew Loraditch​
Sr. Network Engineer
p: 443.541.1518<tel:443.541.1518>
w: www.heliontechnologies.com<http://www.heliontechnologies.com/>
 |
e: MLoraditch at heliontechnologies.com<mailto:MLoraditch at heliontechnologies.com>
[Helion Technologies]<http://www.heliontechnologies.com/>
[Facebook]<https://facebook.com/heliontech>
[Twitter]<https://twitter.com/heliontech>
[LinkedIn]<https://www.linkedin.com/company/helion-technologies>
From: cisco-voip <cisco-voip-bounces at puck.nether.net<mailto:cisco-voip-bounces at puck.nether.net>> On Behalf Of Anthony Holloway
Sent: Wednesday, August 7, 2019 12:18 PM
To: Cisco VoIP Group <cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>>
Subject: [cisco-voip] Azure to Webex User Provisioning and Tokens

I'm using the following link:

https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/cisco-webex-provisioning-tutorial

And in step 6 it describes how to obtain the secret token from Cisco, to input into Azure.

It notes that the token is valid for 365 days, however, in my testing it's looking like it might be 30 days.

The resulting URL from step 6 has a URI parameter of:

expires_in=31535999

Which if you treat it as seconds, then it's 365 days, so the URL seems to match the document.

I'm wondering if there is anyone with experience on this topic, before I put some serious time in with TAC.

Thanks much!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20190807/5b25ef39/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 9410 bytes
Desc: image001.png
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20190807/5b25ef39/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 432 bytes
Desc: image002.png
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20190807/5b25ef39/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.png
Type: image/png
Size: 562 bytes
Desc: image003.png
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20190807/5b25ef39/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image004.png
Type: image/png
Size: 445 bytes
Desc: image004.png
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20190807/5b25ef39/attachment-0003.png>

More information about the cisco-voip mailing list