When you share or embed Simple Log Service console pages by using password-free and logon-free URLs, the tickets that these URLs rely on expire quickly. You can call the RefreshToken operation to extend the validity period of these URLs.
How it works
Prerequisites
A password-free and logon-free URL is generated. For more information, see Embed and share console pages.
Procedure
Step 1: Grant the required permissions to a RAM user
If you use an Alibaba Cloud account, you can skip this step and go to Step 2.
-
Log on to the Resource Access Management (RAM) console by using the RAM user that generates the password-free and logon-free URL.
-
Grant the permissions to call the RefreshToken operation to the RAM user. For more information, see Manage RAM user permissions and Create a custom policy.
{ "Version": "1", "Statement": [ { "Effect": "Allow", "Action": "log:RefreshToken", "Resource": "acs:log:*:*:ticket/*" } ] }
Step 2: Add a parameter to the password-free and logon-free URL
Append the supportRefreshToken parameter to the password-free and logon-free URL. This parameter specifies whether the third-party server supports the RefreshToken operation. Set the supportRefreshToken parameter to true to enable token refresh for the URL.
https://sls.console.alibabacloud.com/lognext/project/<Project name>/dashboard/<Dashboard ID>?sls_ticket=eyJ***************.eyJ******************.KUT****************&supportRefreshToken=true&isShare=true&hideTopbar=true&hideSidebar=true&ignoreTabLocalStorage=trueStep 3: Monitor events on the client side
The third-party client monitors the message event and sends the latest ticket to the related iFrame.
window.addEventListener('message', async (e) => {
if (e?.data?.type === 'refreshToken') {
const accessToken = await callApi()
document.querySelector('#myIframe').contentWindow.postMessage(
{
// The value is fixed as applyAccessToken.
type: 'applyAccessToken',
// The ticket that is obtained by calling the callApi method.
accessToken,
// The ticket that is obtained by calling the CreateTicket operation.
ticket: e.data.ticket,
},
'*'
)
}
})
-
The
callApi()method is custom. The third-party client uses it to call the third-party server API, which then calls the RefreshToken operation to obtain aticket. For more information about how to integrate the RefreshToken operation into your business code, see Sample code. -
When you call the RefreshToken operation to obtain a
ticket, you must use the Simple Log Service endpoint for the China (Shanghai) or Singapore region. After you obtain theticket, it works across all regions. -
The RefreshToken operation requires two input parameters: ticket and accessTokenExpirationTime.
ticketspecifies the ticket generated by the CreateTicket operation.accessTokenExpirationTimespecifies the validity period of the new ticket, in seconds. Maximum value: 86400. Default value: 86400 (one day). A ticket can be extended up to 30 days. Call the RefreshToken operation once a day before the ticket expires.
Sample code
The following examples show how to call the RefreshToken operation:
Java
-
Add Maven dependencies.
Open the pom.xml file in the root directory of your Java project and add the following code:
<dependency> <groupId>com.aliyun</groupId> <artifactId>sls20201230</artifactId> <version>5.2.1</version> </dependency> <dependency> <groupId>com.aliyun</groupId> <artifactId>tea-openapi</artifactId> <version>0.3.2</version> </dependency> <dependency> <groupId>com.aliyun</groupId> <artifactId>tea-console</artifactId> <version>0.0.1</version> </dependency> <dependency> <groupId>com.aliyun</groupId> <artifactId>tea-util</artifactId> <version>0.2.21</version> </dependency> -
Generate a
ticket.// This file is auto-generated, don't edit it. Thanks. package com.aliyun.sample; import com.aliyun.sls20201230.Client; import com.aliyun.tea.*; public class Sample { /** * Use your AccessKey ID and AccessKey secret to initialize a client. * @return Client * @throws Exception */ public static Client createClient() throws Exception { // If the project code is leaked, the AccessKey pair may be leaked and the security of all resources in your account may be compromised. The following sample code is provided only for reference. // We recommend that you use Security Token Service (STS) tokens, which provide higher security. com.aliyun.teaopenapi.models.Config config = new com.aliyun.teaopenapi.models.Config() // Required. Make sure that the ALIBABA_CLOUD_ACCESS_KEY_ID environment variable is configured. .setAccessKeyId(System.getenv("ALIBABA_CLOUD_ACCESS_KEY_ID")) // Required. Make sure that the ALIBABA_CLOUD_ACCESS_KEY_SECRET environment variable is configured. .setAccessKeySecret(System.getenv("ALIBABA_CLOUD_ACCESS_KEY_SECRET")); // For more information about endpoints, see https://api.aliyun.com/product/Sls. config.endpoint = "cn-shanghai.log.aliyuncs.com"; return new Client(config); } public static void main(String[] args_) throws Exception { java.util.List<String> args = java.util.Arrays.asList(args_); com.aliyun.sls20201230.Client client = Sample.createClient(); com.aliyun.sls20201230.models.RefreshTokenRequest refreshTokenRequest = new com.aliyun.sls20201230.models.RefreshTokenRequest() .setTicket("eyJ***************.eyJ******************.KUT****************") .setAccessTokenExpirationTime(60L); com.aliyun.teautil.models.RuntimeOptions runtime = new com.aliyun.teautil.models.RuntimeOptions(); java.util.Map<String, String> headers = new java.util.HashMap<>(); try { com.aliyun.sls20201230.models.RefreshTokenResponse resp = client.refreshTokenWithOptions(refreshTokenRequest, headers, runtime); com.aliyun.teaconsole.Client.log(com.aliyun.teautil.Common.toJSONString(resp)); } catch (TeaException error) { // Handle exceptions with caution in actual business scenarios and never ignore exceptions in your project. In this example, error messages are displayed in the console. // Display an error message. System.out.println(error.getMessage()); // Display information for troubleshooting. System.out.println(error.getData().get("Recommend")); com.aliyun.teautil.Common.assertAsString(error.message); } catch (Exception _error) { TeaException error = new TeaException(_error.getMessage(), _error); // Handle exceptions with caution in actual business scenarios and never ignore exceptions in your project. In this example, error messages are displayed in the console. // Display an error message. System.out.println(error.getMessage()); // Display information for troubleshooting. System.out.println(error.getData().get("Recommend")); com.aliyun.teautil.Common.assertAsString(error.message); } } }
Python
# -*- coding: utf-8 -*-
# This file is auto-generated, don't edit it. Thanks.
import os
import sys
from typing import List
from alibabacloud_sls20201230.client import Client as Sls20201230Client
from alibabacloud_tea_openapi import models as open_api_models
from alibabacloud_sls20201230 import models as sls_20201230_models
from alibabacloud_tea_util import models as util_models
from alibabacloud_tea_util.client import Client as UtilClient
class Sample:
def __init__(self):
pass
@staticmethod
def create_client() -> Sls20201230Client:
"""
Use your AccessKey ID and AccessKey secret to initialize a client.
@return: Client
@throws Exception
"""
# If the project code is leaked, the AccessKey pair may be leaked and the security of all resources in your account may be compromised. The following sample code is provided only for reference.
# We recommend that you use STS tokens, which provide higher security.
config = open_api_models.Config(
# Required. Make sure that the ALIBABA_CLOUD_ACCESS_KEY_ID environment variable is configured.
access_key_id=os.environ['ALIBABA_CLOUD_ACCESS_KEY_ID'],
# Required. Make sure that the ALIBABA_CLOUD_ACCESS_KEY_SECRET environment variable is configured.
access_key_secret=os.environ['ALIBABA_CLOUD_ACCESS_KEY_SECRET']
)
# For more information about endpoints, see https://api.aliyun.com/product/Sls.
config.endpoint = f'cn-shanghai.log.aliyuncs.com'
return Sls20201230Client(config)
@staticmethod
def main(
args: List[str],
) -> None:
client = Sample.create_client()
refresh_token_request = sls_20201230_models.RefreshTokenRequest(
ticket='eyJ***************.eyJ******************.KUT****************',
access_token_expiration_time=60
)
runtime = util_models.RuntimeOptions()
headers = {}
try:
# If you copy and run the sample code, add code to display the API call results.
client.refresh_token_with_options(refresh_token_request, headers, runtime)
except Exception as error:
# Handle exceptions with caution in actual business scenarios and never ignore exceptions in your project. In this example, error messages are displayed in the console.
# Display an error message.
print(error.message)
# Display information for troubleshooting.
print(error.data.get("Recommend"))
UtilClient.assert_as_string(error.message)
@staticmethod
async def main_async(
args: List[str],
) -> None:
client = Sample.create_client()
refresh_token_request = sls_20201230_models.RefreshTokenRequest(
ticket='eyJ***************.eyJ******************.KUT****************',
access_token_expiration_time=60
)
runtime = util_models.RuntimeOptions()
headers = {}
try:
# If you copy and run the sample code, add code to display the API call results.
await client.refresh_token_with_options_async(refresh_token_request, headers, runtime)
except Exception as error:
# Handle exceptions with caution in actual business scenarios and never ignore exceptions in your project. In this example, error messages are displayed in the console.
# Display an error message.
print(error.message)
# Display information for troubleshooting.
print(error.data.get("Recommend"))
UtilClient.assert_as_string(error.message)
if __name__ == '__main__':
Sample.main(sys.argv[1:])