MslReST Python OAuth1Session Authentication

[mmast]

Using the OAuth1Session module I was able to obtain an authorization token and secret, but these are temporary (which is normal) and they need approval from the web ui. I noticed there is a list of approved tokens pre-populated that I am attempting to use. However I am unable to obtain the verifier to be used for obtaining the final tokens.

I am missing something stupid simple but am currently blind to it.

The consumer name, shared secret, token id, and token secret came from https://mcaserver.tld/server-manager/django/mslrest/
This code snippet I am working on isn't complete, but it shows the place where I am currently stuck. No verifier is provided.

Code: [Select]

from requests_oauthlib import OAuth1Session as session
import requests

##Consumer information
consumer_name = 'sas_usp'
shared_secret = '...'
token_id = '...'
token_secret = '...'

##URLs
baseurl = 'https://mca.tld/mslrest'
requesturl=baseurl + '/initiate'
authurl=baseurl + '/authorize'
accesstokenurl=baseurl + '/token'
pingurl=baseurl + '/ping'

##initiate
oauth = session(consumer_name, client_secret=shared_secret)
#fetch_response  = oauth.fetch_request_token(requesturl)
#print(fetch_response)
#key = fetch_response.get('oauth_token')
#secret = fetch_response.get('oauth_token_secret')

##authorize
auth_url = oauth.authorization_url(authurl, token_id)
authresponse = oauth.parse_authorization_response(auth_url)
print(authresponse)
#verifier=authresponse.get('verifier')


#Update 1 : Updated the auth_url line in the code snippet above.

[ralph]

What product is this for?  The 3300?

[mmast]

What product is this for?  The 3300?

Correct.

Quick update, I used the python inspect and found where to add the token id to the auth_url. Sadly it still doesn't provide verifier, it just spits back the same token.

Code: [Select]

{'oauth_token': '...'}

[ralph]

This is a new one to me.  What are you creating?  I'm interested.

Ralph

[mmast]

This is a new one to me.  What are you creating?  I'm interested.

Ralph

For now I just want a programmatic way of pulling user information, but this is our gateway into further automation.

[mmast]

Looking through the OAtuh1Session module, I was able to get the following values. Very straigtforward.

Code: [Select]

FullArgSpec(args=['self', 'client_key', 'client_secret', 'resource_owner_key', 'resource_owner_secret', 'callback_uri', 'signature_method', 'signature_type', 'rsa_key', 'verifier', 'client_class', 'force_include_body'], varargs=None, varkw='kwargs', defaults=(None, None, None, None, 'HMAC-SHA1', 'AUTH_HEADER', None, None, None, False), kwonlyargs=[], kwonlydefaults=None, annotations={})
I am using the following OAuth1Session value to MslRest value mapping.
client_key > Comsumer ID
client_secret > Shared secret
resource_owner_key > Token ID
resource_owner_secret > Token secret

Code: [Select]

oauth = session(consumer_name, client_secret=shared_secret, resource_owner_key=token_id, resource_owner_secret=token_secret)However this still spits out the same during authorization. The thing is I know I don't need to complete the authorization because I already have the pre-approved tokens. The only reason I attempt to use it is to get a verifier I can use for fetching the access tokens.

If I could find the verifier I should be good.

[mmast]

Well, there I go making things more complicated than they need to be. Verifier is not needed with pre-approved keys.

Code: [Select]

#!/usr/bin/python3

from requests_oauthlib import OAuth1Session as session

##Consumer information
consumer_name = 'sas_usp'
shared_secret = '...'
token_id = '...'
token_secret = '...'

##URLs
baseurl = 'https://mca.tld/mslrest'
requesturl=baseurl + '/initiate'
authurl=baseurl + '/authorize'
accesstokenurl=baseurl + '/token'
pingurl=baseurl + '/ping'

##initiate
oauth = session(consumer_name, client_secret=shared_secret, resource_owner_key=token_id, resource_owner_secret=token_secret)

##Test connection
test = oauth.get(pingurl)
print(test.text)

Output is as follows

Code: [Select]

[ec2-user@ip-192-168-17-33 mitel]$ ./mitel.py
{"response":"pong"}


[mmast]

Well, one step forward two steps back. I am able to pull user deployment states, so at the very least I am able to get user GUIDs from
/mslrest/deployu/v1/users/deployment_status/all

However when I try to access the following endpoints
/mslrest/deployu/v1/profiles
/mslrest/deployu/v1/users
I get access denied. According the the server web ui the account has read/write access to these endpoints.

Working with our support vendor that said we have to be approved for MSA before getting further support on this. If anyone has any suggestions I am all ears.

[mmast]

I obtained MP status with Mitel and have access to their developer support. The agent working with me said they have never heard of this API, which should make this process interesting.