Cloud API: I don't see any examples of 2FA/MFA support via API? Unable to enforce MFA and use the API?
Answered
Has there been any update to NX Cloud to allow MFA when retrieving bearer tokens for Cloud API calls? We cannot disable MFA requirements for systems, but this seems to be completely blocking our ability to utilize the Cloud API?
-
Hello Luke,
Please refer to the Cloud API docs, 2FA section: https://meta.nxvms.com/cdb/docs/api/v1/swagger/index.html#/
1. Get the auth code
https://nxvms.com/cdb/docs/api/v1/swagger/index.html#/OAUTH2/post_cdb_oauth2_token
2. Verify the code using 2fa
GET /cdb/account/self/2fa/totp/key/{key}
https://nxvms.com/cdb/docs/api/v1/swagger/index.html#/2FA/get_cdb_account_self_2fa_totp_key__key_
3. As usual, get access token
https://nxvms.com/cdb/docs/api/v1/swagger/index.html#/OAUTH2/post_cdb_oauth2_token
It's a kind of hacky implementation and is subject to change in the future.
The correct way would be redirecting the user to the login window for entering credentials and 2FA, returning afterward to your application.
-
Thanks for the reply Andrey Terentyev
Can you provide a curl example for the first step? Specifically what is required in the body of the request when
grant_type=authorization_code
I've been just using the grant_type of password so far. But the swagger documentation doesn't list the required body parameters to receive an auth code. I'm sending:
{"grant_type": "authorization_code","responseType":"code","client_id": "3rdParty","password": "{{password}}","username": "{{username}}"}
But receiving:
{"error": "invalid_request","errorClass": "badRequest","errorDetail": "112","errorText": "Missing code","error_description": "Missing code","resultCode": "badRequest"}
Even the schema is confusing, mixing snake and camel case.
-
Update Andrey Terentyev I have this working now in Postman. However, is there a way to store the redirect URL with the auth code? Typically, there is an authorize endpoint that accepts a GET request with URL parameters, rather than a post to the token for the auth code.
In the swagger you linked, it references this spec in the OAuth request: https://networkoptix.atlassian.net/wiki/spaces/PM/pages/1459388473/OAUTH2+support+by+Cloud+Backend#Obtaining-access-token
But that is not accessible. Is there an alternative page to get the NX OAuth spec from?
The automated API tool that I'm working with doesn't quite support this "hacky" implementation. I may be able to work around it, but it's hard without full docs.
-
Well, I have this working now. I found the Nx Meta documentation, and there is an /authorize endpoint after all. This *really* needs to be added to the swagger documentation. https://nxvms.com/authorize
Also, from previous conversations, this document about the scopes provides clarity: https://meta.nxvms.com/docs/developers/knowledgebase/323-api-spec
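
The redirect-based flow discussed in this thread (send the user to the login window, then return to the application with an auth code), as an added example that is not from the thread or from Nx. Only the https://nxvms.com/authorize URL comes from the thread; the RFC 6749 parameter names, the client ID and the redirect URI are assumptions.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Only this URL is from the thread. Everything else is an assumption:
# RFC 6749 parameter names, a hypothetical client ID and redirect URI.
AUTHORIZE_URL = "https://nxvms.com/authorize"
CLIENT_ID = "example-client"
REDIRECT_URI = "https://app.example/callback"


class CallbackError(Exception):
    """Raised when the redirect back to the application fails validation."""


def build_authorize_request():
    """Return (url, state); keep state in the user's session, server-side."""
    state = secrets.token_urlsafe(32)  # unguessable, binds callback to this login
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}", state


def extract_code(callback_url, expected_state):
    """Validate the redirect URL and return the auth code it carries."""
    got, want = urlsplit(callback_url), urlsplit(REDIRECT_URI)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise CallbackError("callback is not the registered redirect URI")
    params = parse_qs(got.query)
    if "error" in params:
        raise CallbackError("authorization failed: " + params["error"][0])
    state = params.get("state", [])
    # Constant-time compare; a missing, repeated or foreign state is rejected.
    if len(state) != 1 or not hmac.compare_digest(
            state[0].encode(), expected_state.encode()):
        raise CallbackError("state mismatch")
    code = params.get("code", [])
    if len(code) != 1:
        raise CallbackError("missing or repeated code")
    return code[0]
```

The returned code is what the token request then exchanges for an access token; the user's password and 2FA code never pass through the calling application.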