Is it possible to use/convert a 3-legged token on Autodesk Forge Object Storage Service (OSS)? - autodesk

I know Autodesk Forge "Object Storage Service" (OSS) requires a 2-legged security token...
I already use a 3-legged token to access Forge "Project Service" and "Data Service" APIs: is it possible to convert or request a 2-legged token from a 3-legged token?
If you try to use a 3-legged token with OSS you get an invalid token error.
I would like to avoid using two different authentications at the same time...
Thanks!

Unfortunately token exchange is not possible - I checked the OAuth 2.0 specification, and I don't think the flow you describe is a valid flow anyway. Remember 2 legged is for application credentials, whereas 3 legged is to access a specific user's content.

No, a 2-legged token gives you the access to developer's resources. A 3-legged token gives you access to the logged in user's resources. They are not designed to be interchangeable.

Related

Design Automation API - Token Refresh

I am trying to access a Forge API endpoint using a 2-legged authentication token, but at a certain point in time my token becomes invalid or expired. Is there any option to refresh or increase the token expiry time in the 2-legged authentication process?
For 2-legged token, once they expire, you have no choice but to request another one. That being said, I think this will be managed for you if you use one of the forge/design-automation sdk.

Scripted Authentication for Autodesk Forge TokenFlex API

This question pertains to the Autodesk Forge TokenFlex Usage API. We would like to run an application that pulls data on a scheduled basis. Our understanding is that the Forge TokenFlex API requires 3 Legged authentication. We have successfully adapted the Autodesk GitHub code sample "A Forge Python Script Demonstrating new TokenFlex Usage API" to pull our data but this requires 3-Legged Authentication.
Is there a way to pull data using the TokenFlex Usage API without requiring user intervention for Authentication?
Unfortunately TokenFlex requires 3 legged auth for enhanced security purposes.
However you can minimize user intervention by rotating the token periodically in your backend using the refresh_token that comes with the token to get refreshed tokens implicitly and store them securely (encryption recommended for security reasons) where your script can use them, see here for details

Unable to upload file to bucket using 3-legged access token

I am currently following "Upload Files to BIM 360 Document Management" and I'm stuck on step 6 where I'm supposed to upload to the client's bucket using 3-legged access token.
So...am I doing something wrong for step 6, or the guide is outdated?
From reading the PUT buckets/:bucketKey/objects/:objectName documentation, only 2-legged access token can access this API.
expected:
200 (and whatever json data it returns)
actual:
403
{
"reason": "Only 2 legged service tokens are allowed to access this api."
}
Unfortunately some of the OSS (bucket) endpoints only support 2 legged auth and PUT Object is obviously one of them so you will need another 2 legged token for the upload...
The guide is not exactly outdated but apparently that's an oversight there...

Autodesk API Forge Authentication Bearer

I'm the administrator of a Bim360 Docs Hub, and I'm trying to retrieve some data from the Forge API. I've already created a test app, and I get a Bim 360 Account Id.
I'm not able to get an authentication bearer token (OAuth), to make simple GET requests towards projects.
Where do I get the auth token?
Thanks
See tutorial here to acquire OAuth tokens and note that you will need different permutations of OAuth scopes (esp. data:read data:write etc.) for different operations, as is specified in the docs of each and every API, see an example here.
You may use a RESTful client like Postman to talk to our APIs and manage the authentication flow and operate on response data with JavaScript as you like so as to build workflows such as to create a new project.
Last but not least before you can access BIM360 APIs make sure you provision access to your app.

Are three legged tokens supported in the Autodesk BIM360 Account Admin endpoints?

I have tried the endpoints to get projects and users with a three legged token, and in both cases I get a 403 with a response body that looks like:
{
"code": 1003,
"message": "Only support 2 legged access token."
}
This seems unequivocal, but doesn't seem to be consistent with the API documentation. Is access really only available using a 2 legged token or have I missed something?
Just to be clear, the endpoints I'm playing with are:
GET https://developer.api.autodesk.com/hq/v1/accounts/:account_id/projects
and
GET https://developer.api.autodesk.com/hq/v1/accounts/:account_id/users
The documentation states "Must be Bearer , where is obtained via OAuth", but there is no mention that only two legged authentication tokens are supported.
Yes, they are BIM360 HQ APIs (well known as Account Admin APIs), part of BIM360 API as I mentioned in the comment above.
Unfortunately, Account Admin APIs only allow access with 2 legged access token now. In contrast, other APIs like Issues, RFIs, and Checklists support 3 legged access token and 3 legged access token with the uid.
Note:
Keyword user context required in the Authentication Context of the documentation means that it requires acting with a 3-legged OAuth token or a 2-legged OAuth token with user impersonation.
Keyword app only means that it supports 2-legged OAuth token only.
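
Added example (not part of any answer above, and not Autodesk SDK code): since the answers agree that the two token types are not interchangeable and that an expired 2-legged token must be requested again, a client can keep both and choose per request, so the user token is never sent to app-only endpoints and the app token is never sent to user-context ones. The `TokenBroker` class, the `APP_ONLY` rule list, the injected `fetch_app_token` callable (assumed to return `access_token` and `expires_in`) and all sample paths and token values are assumptions made for this sketch.

```python
import time

# (method, path prefix) pairs that answered 403 to 3-legged tokens on this page.
# "/oss/v2/buckets/" is the OSS prefix; the exact rule list is an assumption.
APP_ONLY = (("PUT", "/oss/v2/buckets/"), ("GET", "/hq/v1/accounts/"))


class TokenBroker:
    """Chooses a 2-legged or 3-legged bearer token for each request."""

    def __init__(self, fetch_app_token, user_token, clock=time.time, skew=60):
        self._fetch = fetch_app_token   # callable -> {"access_token", "expires_in"}
        self._user_token = user_token   # 3-legged token from the user login flow
        self._clock = clock
        self._skew = skew               # re-request this many seconds before expiry
        self._app_token = None
        self._app_expiry = 0.0

    def _app(self):
        # 2-legged tokens cannot be refreshed; request a new one near expiry.
        if self._app_token is None or self._clock() >= self._app_expiry - self._skew:
            reply = self._fetch()
            self._app_token = reply["access_token"]
            self._app_expiry = self._clock() + reply["expires_in"]
        return self._app_token

    def kind_for(self, method, path):
        app_only = any(method.upper() == m and path.startswith(p) for m, p in APP_ONLY)
        return "2-legged" if app_only else "3-legged"

    def authorization(self, method, path):
        token = self._app() if self.kind_for(method, path) == "2-legged" else self._user_token
        return {"Authorization": "Bearer " + token}


# Constructed demo: a fake token endpoint and a fake clock, no network access.
def demo():
    now = [1000.0]
    issued = []
    def fake_fetch():
        issued.append("app-token-%d" % (len(issued) + 1))
        return {"access_token": issued[-1], "expires_in": 3600}
    broker = TokenBroker(fake_fetch, "user-token", clock=lambda: now[0])
    first = broker.authorization("PUT", "/oss/v2/buckets/demo/objects/a.rvt")
    user = broker.authorization("GET", "/project/v1/hubs")
    now[0] += 3590  # inside the 60 s skew window, so a new app token is requested
    second = broker.authorization("GET", "/hq/v1/accounts/ACCOUNT_ID/users")
    return first, user, second, len(issued)
```

In a real backend `fetch_app_token` would call the 2-legged authentication endpoint with the app's client credentials, and the rule list would be filled in from the "app only" and "user context required" keywords in each API's documentation.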