Obtains the logon credential.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes GetLoginToken

The operation that you want to perform. Set the value to GetLoginToken.

ClientId String Yes f4a0dc8e-1702-4728-9a60-95b27a35****

The ID of the client.

OfficeSiteId String Yes cn-hangzhou+dir-885351****

The ID of the workspace.

RegionId String Yes cn-hangzhou

The ID of the region.

SessionId String No cd45e873-650d-4d70-acb9-f996187a****

The ID of the session.

CurrentStage String No TokenLogin

The current stage. Valid values:

  • ADPassword: verifies the information about the Active Directory (AD) user.
  • ChangePassword: changes the password of the AD user.
  • MFABind: binds a virtual multi-factor authentication (MFA) device.
  • MFAVerify: verifies the verification code that is generated by the virtual MFA device.
  • TokenLogin: obtains the logon credential.
EndUserId String No alice

The username of the convenience user or AD user. If you set CurrentStage to ADPassword, you must specify this parameter.

Password String No Password

The password of the convenience user or AD user. If you set CurrentStage to ADPassword, you must specify this parameter.

OldPassword String No OldPassword

The current password. If you set CurrentStage to ChangePassword, you must specify this parameter.

NewPassword String No NewPassword

The new password. If you set CurrentStage to ChangePassword, you must specify this parameter.

AuthenticationCode String No 123456

The verification code that is generated by the virtual MFA device.

ClientOS String No Windows_NT 10.0.18363 x64

The OS used by the client.

ClientVersion String No 2.1.0-R-20210731.151756

The version of the client.

Response parameters

Parameter Type Example Description
Email String alice@example***.com

The email address of the user. The system returns both the email address and logon credential in the LoginToken parameter after logon.

  • For a convenience user, the return value is the email address that you used when you created the convenience user.
  • For an AD user, the return value is in the following format: Username@The name of the AD domain.
EndUserId String alice

The username of the AD user. The username is the return value of the SessionToken parameter.

If the return value of the NextStage parameter is ADPassword and the return value of the EndUserId parameter is not empty, the returned username appears and the control is read-only on the password logon page. You cannot change the settings on the password logon page.

Label String test:wuying

The attributes of the user.

For an AD user, the return value is empty.

LoginToken String v18101ac6a9e69c66b04a163031680463660b4b216cd758f34b60b9ad6a7c7f7334b83dd8f75eef4209c68f9f1080b****

The logon credential.

NextStage String ADPassword

The next stage that is expected to enter.

Phone String 1871234****

The mobile phone number of the user.

For an AD user, the return value is empty.

QrCodePng String 5OCLLKKOJU5HPBX66H3QCTWY******

The QR code that was generated when the virtual MFA device is bound. The value is encoded in Base64. It can be empty, and it is used for the MFABind stage.

RequestId String 473469C7-AA6F-4DC5-B3DB-A3DC0DE3C83E

The ID of the request.

Secret String 5OCLLKKOJU5HPBX66H3QCTWYI7MH****

The key that was generated when the virtual MFA device was bound. It is used for the MFABind stage.

SessionId String d6ec166d-ab93-4286-bf7f-a18bb929****

The ID of the session. The ID is returned the first time you call the GetLoginToken operation in the same session.

TenantId Long 1234567890123456

The ID of the Alibaba Cloud account. The ID is used to identify the hardware client.

Examples

Sample requests

https://ecd.cn-hangzhou.aliyuncs.com/?Action=GetLoginToken
&ClientId=f4a0dc8e-1702-4728-9a60-95b27a35****
&OfficeSiteId=cn-hangzhou+dir-885351****
&RegionId=cn-hangzhou
&<Common request parameters>|

Sample success responses

XML format

<GetLoginTokenResponse>
      <Secret>5OCLLKKOJU5HPBX66H3QCTWYI7MH****</Secret>
      <TenantId>1234567890123456</TenantId>
      <QrCodePng>5OCLLKKOJU5HPBX66H3QCTWY******</QrCodePng>
      <EndUserId>alice</EndUserId>
      <Email>alice@example***.com</Email>
      <RequestId>473469C7-AA6F-4DC5-B3DB-A3DC0DE3C83E</RequestId>
      <Phone>1871234****</Phone>
      <Label>test:wuying</Label>
      <LoginToken>v18101ac6a9e69c66b04a163031680463660b4b216cd758f34b60b9ad6a7c7f7334b83dd8f75eef4209c68f9f1080b****</LoginToken>
      <SessionId>d6ec166d-ab93-4286-bf7f-a18bb929****</SessionId>
      <NextStage>ADPassword</NextStage>
</GetLoginTokenResponse>

JSON format

{
    "Secret": "5OCLLKKOJU5HPBX66H3QCTWYI7MH****",
    "TenantId": "1234567890123456",
    "QrCodePng": "5OCLLKKOJU5HPBX66H3QCTWY******",
    "EndUserId": "alice",
    "Email": "alice@example***.com",
    "RequestId": "473469C7-AA6F-4DC5-B3DB-A3DC0DE3C83E",
    "Phone": "1871234****",
    "Label": "test:wuying",
    "LoginToken": "v18101ac6a9e69c66b04a163031680463660b4b216cd758f34b60b9ad6a7c7f7334b83dd8f75eef4209c68f9f1080b****",
    "SessionId": "d6ec166d-ab93-4286-bf7f-a18bb929****",
    "NextStage": "ADPassword"
}