GetLoginToken - Elastic Desktop Service - Alibaba Cloud Documentation Center

Obtains logon credentials.

Debugging

You can run this interface directly in OpenAPI Explorer, saving you the trouble of calculating signatures. After running successfully, OpenAPI Explorer can automatically generate SDK code samples.

Debug

Authorization information

There is currently no authorization information disclosed in the API.

Request parameters

Parameter	Type	Required	Description	Example
RegionId	string	Yes	The region ID. You can call the DescribeRegions operation to query the regions supported by EDS.	cn-hangzhou
ClientId	string	Yes	The ID of the Alibaba Cloud Workspace client. The system generates a unique ID for each client.	f4a0dc8e-1702-4728-9a60-95b27a35****
DirectoryId	string	No	The office network ID. This parameter has the same meaning as `OfficeSiteId`. We recommend that you replace `DirectoryId` with `OfficeSiteId`. You can specify a value for `DirectoryId` or `OfficeSiteId`.	cn-hangzhou+dir-885351****
OfficeSiteId	string	Yes	The office network ID.	cn-hangzhou+dir-885351****
SessionId	string	No	The ID of the session. If the virtual multi-factor authentication (MFA) device is not bound or two-factor authentication is not enabled for the client, you do not need to specify a value for `SessionId`. If the virtual MFA device is not bound or two-factor authentication is enabled for the client, you must specify a value for `SessionId` to verify the user identity after you specify a value for `ADPassword`. The value of the `SessionId` parameter is returned only if the CurrentStage parameter is set to `ADPassword` when you call the `GetLoginToken` operation.	cd45e873-650d-4d70-acb9-f996187a****
CurrentStage	string	No	The logon authentication stage. Valid values: `ADPassword`: the stage to verify the identity of the Active Directory (AD) user. You must specify the value when the system verifies the identity of a convenience account or an AD account. `MFABind: the stage to bind a virtual multi-factor authentication (MFA) device.` `MFAVerify: the stage to verify the verification code that is generated by the virtual MFA device.` `TokenVerify`: the stage to perform two-factor authentication on an Alibaba Cloud Workspace client (hereinafter referred to as the client). `ChangePassword`: the stage to change the password of the user. `KeepAliveVerify`: the stage to obtain LoginToken if KeepAliveToken is valid.	ADPassword
EndUserId	string	No	The name of the convenience user or the AD user. This parameter is required if you set `CurrentStage` to `ADPassword`.	alice
Password	string	No	The password of the convenience user or the AD user. This parameter is required if you set `CurrentStage` to `ADPassword`.	Password1234
OldPassword	string	No	The current password. This parameter is required if you set `CurrentStage` to `ChangePassword`.	OldPassword
NewPassword	string	No	The new password. This parameter is required if you set `CurrentStage` to `ChangePassword`.	NewPassword
AuthenticationCode	string	No	The verification code that is generated by the virtual MFA device. This parameter is required if you set `CurrentStage` to `MFAVerify`.	47****
ClientOS	string	No	The operating system (OS) of the device that runs an Alibaba Cloud Workspace client.	Windows_NT 10.0.1**** x64
ClientVersion	string	No	The version of the client. When you use an Alibaba Cloud Workspace client, you can view the client version in the About dialog box on the client logon page.	2.1.0-R-20210731.1****
TokenCode	string	No	If two-factor authentication is enabled for Alibaba Cloud Workspace terminals in the EDS console and the system detects that the current logon user is exposed to risks, the system sends a verification code to the email address of the user. This parameter is required if you set `CurrentStage` to `TokenVerify`.	63****
KeepAlive	boolean	No	Specifies whether to keep the user logged on to the client. Valid values: null: Default value. Do not keep the user logged on to the client. true: Keep the user logged on to the client. false: Do not keep the user logged on to the client.	false
KeepAliveToken	string	No	The token to keep logging on to an Alibaba Cloud Workspace client. When an end user logs on to the Alibaba Cloud Workspace client and select Auto Sign-in, `KeepAliveToken` is returned after you call this operation. Within the valid period of the returned token``, you can call the `GetLoginToken` operation and set `CurrentStage` to `KeepAliveVerify`. Then, you can obtain LoginToken. If you set `CurrentStage` to `KeepAliveVerify`, `KeepAliveToken` is required.	hide
Uuid	string	No	The unique identifier of the client. When you use an Alibaba Cloud Workspace client, you can view the client version in the About dialog box on the client logon page.	C78CA9E99315687575DD2844C1F3****
ClientType	string	No	The type of Alibaba Cloud Workspace clients. Valid values: HTML5: web client. WINDOWS: Windows client. MACOS: macOS client. IOS: iOS client. ANDROID: Android client.	Windows

Response parameters

Parameter	Type	Description	Example
	object	The response parameters.
Email	string	The email address of the user. The system returns the email address in the return value of the LoginToken parameter after the user logs on to the client. For a convenience user, the return value is the email address specified when the administrator creates the convenience user. For an AD user, the return value is in the following format: `Username@Name of the AD domain`.	alice
Secret	string	The key that is generated when you bind the virtual MFA device. This parameter is required when the CurrentStage parameter is set to `MFABind`. Note For more information about each authentication stage, see the parameter description of the request parameter `CurrentStage`.	5OCLLKKOJU5HPBX66H3QCTWYI7MH****
RequestId	string	The ID of the request.	1CBAFFAB-B697-4049-A9B1-67E1FC5F****
EndUserId	string	The account of the convenience user or the AD user.	alice
LoginToken	string	The logon token.	v18101ac6a9e69c66b04a163031680463660b4b216cd758f34b60b9ad6a7c7f7334b83dd8f75eef4209c68f9f1080b****
NextStage	string	The next stage that is expected to enter. For example, an administrator enables MFA in the EDS console. When an end user enters the password, that is, the end user completes the `ADPassword` stage, this parameter returns `MFAVerify`. This indicates that MFA is required. Note For more information about the authentication stages, see the `CurrentStage` parameter.	MFAVerify
QrCodePng	string	The QR code that is generated when the virtual MFA device is bound. The value is encoded in Base64. This parameter can be empty. This parameter is required only when the CurrentStage parameter is set to `MFABind`. Note For more information about each authentication stage, see the parameter description of the request parameter `CurrentStage`.	5OCLLKKOJU5HPBX66H3QCTWY******
Label	string	The attribute of the convenience user. For an AD user, null is returned.	test:sample
SessionId	string	The ID of the session. The ID is returned the first time you call the `GetLoginToken` operation in the session. If MFA is required, you must specify this parameter in subsequent stages. Note For more information about each authentication stage, see the parameter description of the request parameter `CurrentStage`.	d6ec166d-ab93-4286-bf7f-a18bb929****
Phone	string	Enter the mobile number of the convenience user. For an AD user, null is returned.	1381111****
TenantId	long	The ID of the Alibaba Cloud account. The ID is used for hardware client authentication.	166353906220****
KeepAliveToken	string	The token used to keep the user logged on. After the user logs on to the client and select the Keep Logon option, `KeepAliveToken` is returned when you call the operation. If the user does not select the Keep Logon option, null is returned.	006YwvYMsesWWsDBZnVB+Wq9AvJDVIqOY3YCktvtb7+KxMb3ClnNlV8+l/knhZYrXUmeP06IzkjF+IgcZ3vZKOyMprDyFHjCy1r27FRE/U7+geWCl8iQ+yF8GaCRHfJEkC2+ROs93HkT4tfHxyY1J8W7O7ZQGUC/cdCvm+cCP6FIy73IUuPuVR6PcKYXIpEZPW
Industry	string	Note This is a parameter only for internal use.	edu
Props	object	Note This is a parameter only for internal use.
	string	Note This is a parameter only for internal use.	{'dingUserName': u'\u674e\u66fc', 'role': 'student'}
WindowDisplayMode	string	Note This is a parameter only for internal use.	mode
RiskVerifyInfo	object	Risk identification information regarding the signin process.
Email	string	The email used for authentication.	user@example.com
LastLockDuration	long	The duration of the lock.	1713749778
Locked	string	Whether the account is locked or not.	true
Phone	string	The mobile number used for authentication.	1388888****
Reason	string	Note This is a parameter only for internal use.	null
PasswordStrategy	object	Note This is a parameter only for internal use.
TenantPasswordLength	string	Note This is a parameter only for internal use.	null
TenantAlternativeChars	array	Note This is a parameter only for internal use.
tenantAlternativeChar	string	Note This is a parameter only for internal use.	null

Examples

Sample success responses

JSONformat

{
  "Email": "alice",
  "Secret": "5OCLLKKOJU5HPBX66H3QCTWYI7MH****",
  "RequestId": "1CBAFFAB-B697-4049-A9B1-67E1FC5F****",
  "EndUserId": "alice",
  "LoginToken": "v18101ac6a9e69c66b04a163031680463660b4b216cd758f34b60b9ad6a7c7f7334b83dd8f75eef4209c68f9f1080b****",
  "NextStage": "MFAVerify",
  "QrCodePng": "5OCLLKKOJU5HPBX66H3QCTWY******",
  "Label": "test:sample",
  "SessionId": "d6ec166d-ab93-4286-bf7f-a18bb929****",
  "Phone": "1381111****",
  "TenantId": 0,
  "KeepAliveToken": "006YwvYMsesWWsDBZnVB+Wq9AvJDVIqOY3YCktvtb7+KxMb3ClnNlV8+l/knhZYrXUmeP06IzkjF+IgcZ3vZKOyMprDyFHjCy1r27FRE/U7+geWCl8iQ+yF8GaCRHfJEkC2+ROs93HkT4tfHxyY1J8W7O7ZQGUC/cdCvm+cCP6FIy73IUuPuVR6PcKYXIpEZPW",
  "Industry": "edu",
  "Props": {
    "key": "{'dingUserName': u'\\u674e\\u66fc', 'role': 'student'}"
  },
  "WindowDisplayMode": "mode",
  "RiskVerifyInfo": {
    "Email": "user@example.com",
    "LastLockDuration": 1713749778,
    "Locked": true,
    "Phone": "1388888****"
  },
  "Reason": null,
  "PasswordStrategy": {
    "TenantPasswordLength": null,
    "TenantAlternativeChars": [
      null
    ]
  }
}

Error codes

For a list of error codes, visit the Service error codes.

Change history

Change time	Summary of changes	Operation
2024-06-04	The response structure of the API has changed	View Change Details
2024-04-23	The request parameters of the API has changed	View Change Details
2024-04-10	The request parameters of the API has changed. The response structure of the API has changed	View Change Details