All Products
Search
Document Center

WUYING Workspace:GetLoginToken

Last Updated:Mar 21, 2024

Obtains logon credentials.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer.

Authorization information

There is currently no authorization information disclosed in the API.

Request parameters

ParameterTypeRequiredDescriptionExample
RegionIdstringYes

The ID of the region. You can call the DescribeRegions operation to query the most recent region list.

cn-hangzhou
ClientIdstringYes

The ID of the Alibaba Cloud Workspace client. The system generates a unique ID for each client.

f4a0dc8e-1702-4728-9a60-95b27a35****
DirectoryIdstringNo

The ID of the workspace. The parameter is the same as the OfficeSiteId parameter. We recommend that you use OfficeSiteId instead of DirectoryId. You can specify a value for either the DirectoryId parameter or the OfficeSiteId parameter, but not both.

cn-hangzhou+dir-885351****
OfficeSiteIdstringYes

The ID of the workspace.

cn-hangzhou+dir-885351****
SessionIdstringNo

The ID of the session.

  • If the virtual multi-factor authentication (MFA) device is not bound or two-factor authentication is not enabled for the client, you do not need to specify a value for SessionId.
  • If the virtual MFA device is not bound or two-factor authentication is enabled for the client, you must specify a value for SessionId to verify the user identity after you specify a value for ADPassword. The value of the SessionId parameter is returned only if the CurrentStage parameter is set to ADPassword when you call the GetLoginToken operation.
cd45e873-650d-4d70-acb9-f996187a****
CurrentStagestringNo

The logon authentication stage. Valid values:

  • ADPassword: the stage to verify the identity of the Active Directory (AD) user. You must specify the value when the system verifies the identity of a convenience account or an AD account.
  • MFABind: the stage to bind a virtual multi-factor authentication (MFA) device.
  • MFAVerify: the stage to obtain the verification code that is generated by the virtual MFA device.
  • TokenVerify: the stage to perform two-factor authentication for the client.
  • ChangePassword: the stage to change the password of the user.
  • VerifyKeepAlive: the stage to exchange the logon credential. This parameter is valid if KeepAliveToken is valid.
ADPassword
EndUserIdstringNo

The name of the convenience user or the AD user. This parameter is required if you set CurrentStage to ADPassword.

alice
PasswordstringNo

The password of the convenience user or the AD user. This parameter is required if you set CurrentStage to ADPassword.

Password1234
OldPasswordstringNo

The current password. This parameter is required if you set CurrentStage to ChangePassword.

OldPassword
NewPasswordstringNo

The new password. This parameter is required if you set CurrentStage to ChangePassword.

NewPassword
AuthenticationCodestringNo

The verification code that is generated by the virtual MFA device. This parameter is required if you set CurrentStage to MFAVerify.

47****
ClientOSstringNo

The OS that the client runs.

Windows_NT 10.0.1**** x64
ClientVersionstringNo

The version of the client. When you use an Alibaba Cloud Workspace client, you can view the client version in the About dialog box on the client logon page.

2.1.0-R-20210731.1****
TokenCodestringNo

If two-factor authentication is enabled in the Elastic Desktop Service (EDS) console and the system detects that the identity of the logon user may have security risks, the system sends a verification code for two-factor authentication to the email address of the user. This parameter is required if you set CurrentStage to TokenVerify.

63****
KeepAlivebooleanNo

Specifies whether to keep the user logged on to the client. Valid values:

  • null: Default value. Do not keep the user logged on to the client.
  • true: Keep the user logged on to the client.
  • false: Do not keep the user logged on to the client.
false
KeepAliveTokenstringNo

The token that is used to keep the user logged on to the client. After the user logs on to the client and KeepAlive is set to true, the KeepAliveToken is returned. You can call the GetLoginToken operation within the valid duration``, and set CurrentStage to VerifyKeepAlive to obtain the logon token (LoginToken). This parameter is required if you set CurrentStage to `VerifyKeepAlive```.

hide
UuidstringNo

The unique identifier of the client. When you use an Alibaba Cloud Workspace client, you can view the client version in the About dialog box on the client logon page.

C78CA9E99315687575DD2844C1F3****
ClientTypestringNo

The type of the software client.

Enumeration Value:
  • LINUX: Linux client.
  • HTML5: Linux client.
  • WINDOWS: Windows client.
  • MACOS: macOS client.
  • IOS: iOS client.
  • ANDROID: Android client.
Windows

Response parameters

ParameterTypeDescriptionExample
object

The response parameters.

Emailstring

The email address of the user. The system returns the email address in the return value of the LoginToken parameter after the user logs on to the client.

  • For a convenience user, the return value is the email address specified when the administrator creates the convenience user.
  • For an AD user, the return value is in the following format: Username@Name of the AD domain.
alice
Secretstring

The key that is generated when you bind the virtual MFA device. This parameter is required when the CurrentStage parameter is set to MFABind.

Note For more information about each authentication stage, see the parameter description of the request parameter CurrentStage.
5OCLLKKOJU5HPBX66H3QCTWYI7MH****
RequestIdstring

The ID of the request.

1CBAFFAB-B697-4049-A9B1-67E1FC5F****
EndUserIdstring

The account of the convenience user or the AD user.

alice
LoginTokenstring

The logon token.

v18101ac6a9e69c66b04a163031680463660b4b216cd758f34b60b9ad6a7c7f7334b83dd8f75eef4209c68f9f1080b****
NextStagestring

The next stage that is expected to enter. For example, if the administrator enables MFA authentication in the EDS console, MFAVerify is returned after the username and password pass the authentication (after you set CurrentStage to ADPassword stage). This indicates that the MFA authentication is required.

Note For more information about each authentication stage, see the parameter description of the request parameter CurrentStage.
MFAVerify
QrCodePngstring

The QR code that is generated when the virtual MFA device is bound. The value is encoded in Base64. This parameter can be empty. This parameter is required only when the CurrentStage parameter is set to MFABind.

Note For more information about each authentication stage, see the parameter description of the request parameter CurrentStage.
5OCLLKKOJU5HPBX66H3QCTWY******
Labelstring

The attribute of the convenience user. For an AD user, null is returned.

test:wuying
SessionIdstring

The ID of the session. The ID is returned the first time you call the GetLoginToken operation in the session. If MFA is required, you must specify this parameter in subsequent stages.

Note For more information about each authentication stage, see the parameter description of the request parameter CurrentStage.
d6ec166d-ab93-4286-bf7f-a18bb929****
Phonestring

Enter the mobile number of the convenience user. For an AD user, null is returned.

1381111****
TenantIdlong

The ID of the Alibaba Cloud account. The ID is used for hardware client authentication.

166353906220****
KeepAliveTokenstring

The token used to keep the user logged on. After the user logs on to the client and select the Keep Logon option, KeepAliveToken is returned when you call the operation. If the user does not select the Keep Logon option, null is returned.

006YwvYMsesWWsDBZnVB+Wq9AvJDVIqOY3YCktvtb7+KxMb3ClnNlV8+l/knhZYrXUmeP06IzkjF+IgcZ3vZKOyMprDyFHjCy1r27FRE/U7+geWCl8iQ+yF8GaCRHfJEkC2+ROs93HkT4tfHxyY1J8W7O7ZQGUC/cdCvm+cCP6FIy73IUuPuVR6PcKYXIpEZPW
Industrystring
Note This is a parameter only for internal use.
edu
Propsobject
Note This is a parameter only for internal use.
string
Note This is a parameter only for internal use.
{'dingUserName': u'\u674e\u66fc', 'role': 'student'}
WindowDisplayModestring
Note This is a parameter only for internal use.
mode

Examples

Sample success responses

JSONformat

{
  "Email": "alice",
  "Secret": "5OCLLKKOJU5HPBX66H3QCTWYI7MH****",
  "RequestId": "1CBAFFAB-B697-4049-A9B1-67E1FC5F****",
  "EndUserId": "alice",
  "LoginToken": "v18101ac6a9e69c66b04a163031680463660b4b216cd758f34b60b9ad6a7c7f7334b83dd8f75eef4209c68f9f1080b****",
  "NextStage": "MFAVerify",
  "QrCodePng": "5OCLLKKOJU5HPBX66H3QCTWY******",
  "Label": "test:wuying",
  "SessionId": "d6ec166d-ab93-4286-bf7f-a18bb929****",
  "Phone": "1381111****",
  "TenantId": 0,
  "KeepAliveToken": "006YwvYMsesWWsDBZnVB+Wq9AvJDVIqOY3YCktvtb7+KxMb3ClnNlV8+l/knhZYrXUmeP06IzkjF+IgcZ3vZKOyMprDyFHjCy1r27FRE/U7+geWCl8iQ+yF8GaCRHfJEkC2+ROs93HkT4tfHxyY1J8W7O7ZQGUC/cdCvm+cCP6FIy73IUuPuVR6PcKYXIpEZPW",
  "Industry": "edu",
  "Props": {
    "key": "{'dingUserName': u'\\u674e\\u66fc', 'role': 'student'}"
  },
  "WindowDisplayMode": "mode"
}

Error codes

For a list of error codes, visit the Service error codes.