GetLoginToken - Elastic Desktop Service - Alibaba Cloud Documentation Center

Obtains a logon token.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

No authorization for this operation. If you encounter issues with this operation, contact technical support.

Request parameters

Parameter	Type	Required	Description	Example
RegionId	string	Yes	The region ID. Call DescribeRegions to get a list of regions that WUYING Workspace supports.	cn-hangzhou
ClientId	string	Yes	The unique ID that is generated by the client.	f4a0dc8e-1702-4728-9a60-95b27a35****
DirectoryId	string	No	The office network ID. This parameter is the same as `OfficeSiteId`. We recommend that you use `OfficeSiteId` instead. You cannot specify both `DirectoryId` and `OfficeSiteId`.	cn-hangzhou+dir-885351****
OfficeSiteId	string	No	The office network ID.	cn-hangzhou+dir-885351****
SessionId	string	No	The logon session ID. If you have not bound a virtual multi-factor authentication (MFA) device or enabled two-factor authentication for the client, do not specify `SessionId`. If a virtual MFA device is bound or two-factor authentication is enabled for the client, specify `SessionId` in the logon authentication stage that follows the `ADPassword` stage. Get the `SessionId` from the response to a `GetLoginToken` request that is in the `ADPassword` stage for convenience account authentication.	cd45e873-650d-4d70-acb9-f996187a****
CurrentStage	string	No	The current stage of logon authentication. The stages are sequential: `ADPassword`: Verifies user information. Specify this value for password-based authentication that uses a convenience account or an Active Directory (AD) account. `MFABind`: Binds a virtual MFA device. `MFAVerify`: Verifies the security code that is generated by the virtual MFA device. `TokenVerify`: Performs two-factor authentication for the client. `ChangePassword`: Changes the user password. `KeepAliveVerify`: Exchanges a valid `KeepAliveToken` for a `LoginToken`.	ADPassword
EndUserId	string	No	The username of the convenience user or AD user. This parameter is required when `CurrentStage` is set to `ADPassword`.	alice
Password	string	No	The password of the convenience user or AD user. This parameter is required when `CurrentStage` is set to `ADPassword`.	Password1234
OldPassword	string	No	The old password. This parameter is required when `CurrentStage` is set to `ChangePassword`.	OldPassword
NewPassword	string	No	The new password. This parameter is required when `CurrentStage` is set to `ChangePassword`.	NewPassword
AuthenticationCode	string	No	The security code that is generated by the virtual MFA device. This parameter is required when `CurrentStage` is set to `MFAVerify`.	47****
ClientOS	string	No	The operating system of the device that runs the client.	Windows_NT 10.0.18363 x64
ClientVersion	string	No	The client version. If you use a WUYING Workspace client, find this parameter in the About dialog box on the client logon interface.	2.1.0-R-20210731.151756
TokenCode	string	No	If you enabled two-factor authentication for the client in the WUYING Workspace console and a logon threat is detected for the current user, a verification code for two-factor authentication is sent to the end user's email address. This parameter is required when `CurrentStage` is set to `TokenVerify`.	63****
KeepAlive	boolean	No	Specifies whether to stay logged on. Valid values: null : Does not stay logged on. [Default value] true : Stays logged on. false : Does not stay logged on.	false
KeepAliveToken	string	No	The token used to stay logged on. After a user successfully logs on and enables the stay logged on feature, the API returns a `KeepAliveToken`. Within the validity period of the `KeepAliveToken`, call the `GetLoginToken` operation and set `CurrentStage` to `KeepAliveVerify` to exchange the `KeepAliveToken` for a logon token (`LoginToken`). This parameter is required when `CurrentStage` is set to `KeepAliveVerify`.	hide
Uuid	string	No	The unique identifier of the client. If you use a WUYING Workspace client, find this parameter in the About dialog box on the client logon interface.	C78CA9E99315687575DD2844C1F3****
ClientType	string	No	The type of the WUYING Workspace software client. Valid values: HTML5 : Web client WINDOWS : Windows client MACOS : macOS client IOS : iOS client ANDROID : Android client	WINDOWS
AvailableFeatures	object	No
	string	No
ClientName	string	No

Response elements

Element	Type	Description	Example
	object	The information returned.
Email	string	The user's email address. It is returned with the LoginToken after a successful login. For a convenience user, this is the email address that was set when the convenience user was created. For an Active Directory (AD) user, the format is `username@AD domain name`.	alice
Secret	string	The key used to bind a virtual MFA device. This parameter is used in the `MFABind` stage. Note For more information about the authentication stages, see the description of the `CurrentStage` request parameter.	5OCLLKKOJU5HPBX66H3QCTWYI7MH****
RequestId	string	The request ID.	1CBAFFAB-B697-4049-A9B1-67E1FC5F****
EndUserId	string	The username of the convenience account or AD user.	alice
LoginToken	string	The logon token.	v18101ac6a9e69c66b04a163031680463660b4b216cd758f34b60b9ad6a7c7f7334b83dd8f75eef4209c68f9f1080b****
NextStage	string	The expected next stage. For example, if an administrator enables MFA in the WUYING Workspace console, this parameter returns `MFAVerify` after the username and password are authenticated (after the `ADPassword` stage). This indicates that MFA is required. Note For more information about the authentication stages, see the description of the `CurrentStage` request parameter.	MFAVerify
QrCodePng	string	The QR code of the key used to bind a virtual MFA device. The value is Base64-encoded. This parameter can be empty and is used in the `MFABind` stage. Note For more information about the authentication stages, see the description of the `CurrentStage` request parameter.	5OCLLKKOJU5HPBX66H3QCTWY******
Label	string	The properties of the convenience user. If the user is an AD user, this parameter is empty.	test:wuying
SessionId	string	The session ID. This parameter is returned only when you call `GetLoginToken` for the first time in the same session. If multiple authentications are required, pass this parameter in subsequent stages. Note For more information about the authentication stages, see the description of the `CurrentStage` request parameter.	d6ec166d-ab93-4286-bf7f-a18bb929****
Phone	string	The mobile phone number of the convenience user. If the user is an AD user, this parameter is empty.	1381111****
TenantId	integer	The Alibaba Cloud account ID. This is used for hardware client identification.	166353906220****
KeepAliveToken	string	The token used to stay logged on. After a user successfully logs on and enables the stay logged on feature, the API returns a `KeepAliveToken`. If the stay logged on feature is not enabled, this parameter is empty.	006YwvYMsesWWsDBZnVB+Wq9AvJDVIqOY3YCktvtb7+KxMb3ClnNlV8+l/knhZYrXUmeP06IzkjF+IgcZ3vZKOyMprDyFHjCy1r27FRE/U7+geWCl8iQ+yF8GaCRHfJEkC2+ROs93HkT4tfHxyY1J8W7O7ZQGUC/cdCvm+cCP6FIy73IUuPuVR6PcKYXIpEZPW
Industry	string	Note This is an internal parameter and is not available to the public.	edu
Props	object	Note This is an internal parameter and is not available to the public.
	string	Note This is an internal parameter and is not available to the public.	{'dingUserName': u'\u674e\u66fc', 'role': 'student'}
WindowDisplayMode	string	Note This is an internal parameter and is not available to the public.	mode
RiskVerifyInfo	object	Information about logon threat detection.
Email	string	When identity verification is triggered, this email address is used for verification.	user@example.com
LastLockDuration	integer	The time when the account was locked.	1713749778
Locked	string	Indicates whether the account is locked. Valid values: true : Yes false : No	true
Phone	string	When identity verification is triggered, this mobile phone number is used for verification.	1381111****
Reason	string	Note This is an internal parameter and is not available to the public.	null
PasswordStrategy	object	Note This is an internal parameter and is not available to the public.
TenantPasswordLength	string	Note This is an internal parameter and is not available to the public.	null
TenantAlternativeChars	array	Note This is an internal parameter and is not available to the public.
	string	Note This is an internal parameter and is not available to the public.	null
NickName	string
WyId	string

Examples

Success response

JSON format

{
  "Email": "alice",
  "Secret": "5OCLLKKOJU5HPBX66H3QCTWYI7MH****",
  "RequestId": "1CBAFFAB-B697-4049-A9B1-67E1FC5F****",
  "EndUserId": "alice",
  "LoginToken": "v18101ac6a9e69c66b04a163031680463660b4b216cd758f34b60b9ad6a7c7f7334b83dd8f75eef4209c68f9f1080b****",
  "NextStage": "MFAVerify",
  "QrCodePng": "5OCLLKKOJU5HPBX66H3QCTWY******",
  "Label": "test:wuying",
  "SessionId": "d6ec166d-ab93-4286-bf7f-a18bb929****",
  "Phone": "1381111****",
  "TenantId": 0,
  "KeepAliveToken": "006YwvYMsesWWsDBZnVB+Wq9AvJDVIqOY3YCktvtb7+KxMb3ClnNlV8+l/knhZYrXUmeP06IzkjF+IgcZ3vZKOyMprDyFHjCy1r27FRE/U7+geWCl8iQ+yF8GaCRHfJEkC2+ROs93HkT4tfHxyY1J8W7O7ZQGUC/cdCvm+cCP6FIy73IUuPuVR6PcKYXIpEZPW",
  "Industry": "edu",
  "Props": {
    "key": "{'dingUserName': u'\\u674e\\u66fc', 'role': 'student'}"
  },
  "WindowDisplayMode": "mode",
  "RiskVerifyInfo": {
    "Email": "user@example.com",
    "LastLockDuration": 1713749778,
    "Locked": "true",
    "Phone": "1381111****"
  },
  "Reason": "null",
  "PasswordStrategy": {
    "TenantPasswordLength": "null",
    "TenantAlternativeChars": [
      "null"
    ]
  },
  "NickName": "",
  "WyId": ""
}

Error codes

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.