Forum Discussion

irach15's avatar
irach15
Maven
5 years ago

cUrl call to get data

hey, sorry for simple questions to all API gurus 😉 I just started using cUrl for getting API data, somehow after working years as Admin and Dev never has been needed... Being said, I want to unde...
irach15's avatar
irach15
Maven
5 years ago

SuzieH 

nope, no luck

I found lots of Khoros cookies (note: had to search for Khoros not Lithium...) but not SSO one.

Still has no idea where and how to get SSO token.

Any help?

StanGromer's avatar
StanGromer
Boss
5 years ago

I'm admittedly out of my own depth here but saw this and figured I'll throw it out there - Could you not just create a normal user in Khoros (outside of SSO), make them an admin, thus bypassing the need to worry about SSO/the token at all?

Again, I may just be totally misunderstanding all of this, but we have multiple 'service' users who exist outside of SSO which handle integrations between various systems outside of Khoros.

  • SuzieH's avatar
    SuzieH
    Khoros Alumni (Retired)
    5 years ago

    irach15 I think, Stan's suggestion is the way to go. Is there a reason that you need/want to use the SSO token? When I brought up your issues with one of our Services team members, (and asked if you could use a non-sso account for your testing instead) he had this to say:

    Lithium/Khoros SSO tokens are single-use. So if it’s already been processed by the UI (i.e. they logged into Community already), then they won’t be able to use it for logging into the API.

    Assuming they have access to the encryption key (I sure hope so if they’re trying to login to the API…) they can just use the Khoros SSO library directly to generate a token for API use and then pass that to the API

    The main benefit of the sso token approach is for account provisioning and user attribute syncing. But if they don’t need that, non-sso account is the way to go

    The only other perk of SSO token that comes to mind, and I’ve see this with a customer or two… if they need to “switch” users via API, as in to perform actions as an end-user. You can only “switch” by login name, and we sometimes have SSO customers with non-unique login names (not good). So with the sso token you can get around that by generating an sso token for the user you want to authenticate as.