Forum Discussion

adaigle
Adept
13 years ago

Credentials required to download an attachment

Hello,

 

I would like to be able to download an attachment whose URL is found using the REST API, with the credentials used by the REST API.
Actually, the URL pointed to by the API is outside the scope of the REST API (for example http://lithosphere.lithium.com/lithium/attachments/lithium/studio@tkb/112/20/restapidocs_12_6.zip) and therefore requires logging in through a browser.

 

Is there a way to use the session key or to send the credentials again directly (using user.login & user.password maybe?) on the attachment URL to be able to download it?

4 Replies

  • AdamN
    Khoros Oracle
    13 years ago

    Hello,

     

    Is your community using Lithium Single Sign On? If so, this should be pretty easy. You would just need to set the Lithium SSO cookie in the user's browser, and then when they browse to the community (to retrieve the attachment), they should be automatically logged in.

     

    If you're not using Lithium SSO, this type of approach will likely be a bit more tricky since authenticating via the REST API is separate from authenticating in the UI.

  • adaigle
    Adept
    13 years ago

    I don't want to open the browser at all in the process of downloading the attachments.

     

    In a community where SSO is enabled, I probably need to use the LithiumSSO API to log in with a user and then pass the SSO token as a cookie. Am I right? If so, where can I download that library?

     

    If the community doesn't support single sign on, is there a service to log in, or do I need to send a POST HTTP request to t5/user/loginpage.userloginform.form.form.form?

    I tried this last technique, but every time I try to send the credentials in that request, I get an Internal Server Error (500). Which parameter is required? Do you have any clue regarding that?

  • AdamN
    Khoros Oracle
    13 years ago

    So these actions will be occurring entirely server-to-server? Your server is essentially acting as a proxy to the user?

     

    Regarding SSO, is your community currently in the launch process or engaged in some other professional services project? If so, I'd suggest contacting your designated Project Manager to have Lithium SSO set up. Otherwise, I would suggest submitting a request via our Custom Case Portal so that our Support team can work with you to identify the proper library and to get your community configured properly.

     

    With respect to authenticating via the UI, the login form has many hidden fields which are required. You can examine the request when you log in via the UI using a tool like Fiddler or HttpFox to see all of the fields that are sent when logging in. I'm not aware off-hand of any other customers that have tried this, but if you want to pursue this approach further, you'll likely need to make an initial request for the login page in order to get the hidden form data, and then make a subsequent request to submit the form data along with your credentials. Various cookies will be included in the response, which you'll then need to include in your additional requests for obtaining the attachment data.

     

    I think Lithium SSO will likely wind up being an easier approach since you'd just need to generate the SSO token on your server, and then include the cookie on the request for the attachment data.

  • adaigle
    Adept
    13 years ago

    Big thanks for your help!

     

    Yes, those actions will only occur server-to-server ;)

    I managed to sign in by extracting the form hidden inputs and cookies and I am able to retrieve the attachments that way.

     

    I'll use the SSO library for sso_enabled communities once I have access to the library.

     

    thanks again

    Alexandre
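
The form-based flow discussed in this thread (fetch the login page, echo back its hidden inputs with the credentials, reuse the session cookies for the attachment), as an added example that is not code from any poster or from the vendor. The form id `login`, the field names `login`, `password`, `ticket` and `form_marker`, the sample page and the HTTPS check are assumptions; the real names have to be read from the live form.

```python
import urllib.parse, urllib.request
from html.parser import HTMLParser
from http.cookiejar import CookieJar

# Constructed sample page; real field names must be read from the live form.
SAMPLE_LOGIN_PAGE = """<form id="search" action="/t5/forums/searchpage">
<input type="hidden" name="scope" value="all"></form>
<form id="login" action="/t5/user/loginpage.userloginform.form.form.form" method="post">
<input type="hidden" name="ticket" value="constructed-ticket"/>
<input type="hidden" name="form_marker" value="1"/>
<input type="text" name="login"/><input type="password" name="password"/></form>"""

class HiddenFields(HTMLParser):
    """Collect the action and hidden inputs of the form with the given id."""
    def __init__(self, form_id):
        super().__init__()
        self.form_id, self.inside, self.action, self.fields = form_id, False, None, {}
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.inside = a.get("id") == self.form_id
            if self.inside:
                self.action = a.get("action")
        elif tag == "input" and self.inside and a.get("type") == "hidden" and a.get("name"):
            self.fields[a["name"]] = a.get("value") or ""
    def handle_endtag(self, tag):
        if tag == "form":
            self.inside = False

def build_login_post(page_url, html, form_id, user_field, pass_field, user, password):
    """Return (post_url, form_data): hidden fields echoed back plus credentials."""
    parser = HiddenFields(form_id)
    parser.feed(html)
    if parser.action is None:
        raise ValueError("login form not found")
    post_url = urllib.parse.urljoin(page_url, parser.action)
    if not post_url.startswith("https://"):  # added safeguard: no cleartext credentials
        raise ValueError("refusing to send credentials over a non-HTTPS URL")
    return post_url, {**parser.fields, user_field: user, pass_field: password}

def download_attachment(login_page_url, attachment_url, form_id, user_field, pass_field, user, password):
    """GET the login page, POST the form, then GET the attachment with one cookie jar."""
    opener = urllib.request.build_opener(urllib.request.HTTPCookieProcessor(CookieJar()))
    html = opener.open(login_page_url).read().decode("utf-8", "replace")
    post_url, data = build_login_post(login_page_url, html, form_id, user_field, pass_field, user, password)
    opener.open(post_url, urllib.parse.urlencode(data).encode()).read()
    return opener.open(attachment_url).read()
```

Only inputs inside the selected form are echoed back, so hidden fields from other forms on the page (the search form in the sample) do not end up in the login request.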