We are trying to accomplish user provisioning between BlueJeans and an IdP

We are trying to accomplish user provisioning between BlueJeans and an IdP. While trying to generate the Authorization code for the 3-legged Authorization flow, we are receiving the following error: "Something went wrong while setting the permissions.Please try again."

It would be great if you could help us resolve this error.

Thanks in advance.

Abhishek Juneja


Posted 3 weeks ago


Alphi Villanueva, Employee

Thank you for your interest in our APIs. Here's a list of steps to perform 3-Legged Authentication. You will need to have an access token from either using an admin username and password or an existing app key and app secret to perform this.

Best regards,

Alphi Villanueva



Prerequisites
Enterprise Level Access Token either by authenticating using an Admin Username and Password or an App Key and Secret

--------SETUP PHASE--------
Steps you will need to perform once during setup

Setup Step 1.
Create a Client Application and Register it with BlueJeans.

[POST] https://api.bluejeans.com/v1/user/{user_id}/developer_applications?access_token=Access Token from Prerequisite
{
  "appName": "Application Name",
  "description": "Application Description",
  "appLogoUrl": "URL for your Logo",
  "redirectUrls": [
    "Redirect URL for your Application"
  ]
}

Example POST JSON Values
appName will not work because the App Name is already registered
{
  "appName": "AlphiTest3Legged",
  "description": "Reference Application to test 3-legged authentication",
  "appLogoUrl": "https://glenninn.github.io/bjn-test3leg/html/Logo-84x84.png",
  "redirectUrls": [
    "https://alphigabriel.com/apps/test/"
  ]
}


Setup Step 2.
Save the Resulting Client ID and Client Secret from the Response.
* The Client Secret will not be attainable after this step. You can regenerate the secret using the /v1/user/{user_id}/developer_applications/{client_id}/secret endpoint if needed.

JSON Response
{
  "description": "Application Description",
  "appLogoUrl": "URL for your Logo",
  "redirectUrls": [
    "Redirect URL for your Application"
  ],
  "clientId": "Client ID",
  "clientSecret": "Client Secret",
  "appName": "Application Name",
  "client_id": "Client ID",
  "client_secret": "Client Secret"
}

Example JSON Response
These are valid values and will work if used
{
  "description": "Reference Application to test 3-legged authentication",
  "appLogoUrl": "https://glenninn.github.io/bjn-test3leg/html/Logo-84x84.png",
  "redirectUrls": [
    "https://alphigabriel.com/apps/test/"
  ],
  "clientId": "fdfa9389e3714c7e8872777c54ef18ae",
  "clientSecret": "WYM3Xzyaiu2l0nT",
  "appName": "AlphiTest3Legged",
  "client_id": "fdfa9389e3714c7e8872777c54ef18ae",
  "client_secret": "WYM3Xzyaiu2l0nT"
}



--------APPLICATION PHASE--------
Steps you will need to perform when first having a user authorize their account

Application Step 1.
Format the values you have saved in the Setup Phase into a url to authorize

URL with Parameters
https://bluejeans.com/oauth2/authorize/
?clientId=Client ID from Setup Step 2
&redirectUri=Callback URL to Process the Code for Application Step 2
&state=Any Phrase you want to pass to your Code for Application Step 2
&scope= Comma Separated Permissions you want to allow your App
&responseType= Must set to: code
&appName=Application Name
&appLogoUrl=URL for your Logo

Example URL with Parameters
These are valid values and will work if used
https://bluejeans.com/oauth2/authorize/?clientId=fdfa9389e3714c7e8872777c54ef18ae&redirectUri=ht...


Application Step 2.
Allow your webserver and destination listed in the redirectUri in Application Step 1 to handle the GET values passed

Callback URL Parameters
code=Code to be provided to Application Step 3
state=State from Application Step 1 to use for any validation for your application

Example Callback URL with Parameters
https://alphigabriel.com/apps/test/callback?code=EdF3AHCloCh5ZxT&state=fishing


Application Step 3.
Get the Access Token and Refresh Token for the User Account

[POST] https://api.bluejeans.com/oauth2/token?Code
{
  "redirectUri": "Ending URL to End the Process",
  "code": "Code from Application Step 2",
  "grant_type": "Must set to: authorization_code",
  "client_secret": "Client Secret saved from Setup Step 2",
  "client_id": "Client ID saved from Setup Step 2"
}

Example POST JSON Values
code will not work because the code will expire, as it only lasts for 30 seconds from Application Step 1.
{
  "redirectUri": "https://alphigabriel.com/apps/test/html",
  "code": "QbsSfHDlJgusAg7",
  "grant_type": "authorization_code",
  "client_secret": "WYM3Xzyaiu2l0nT",
  "client_id": "fdfa9389e3714c7e8872777c54ef18ae"
}


Application Step 4.
Use and save the Access Token and the Refresh Token for later use such as in a separate database associated for the user

JSON Response Model
{
  "access_token": "Access Token to Be Used in Maintenance Step 1",
  "expires_in": 0,
  "scope": {
    "appPermissions": [
      {
        "method": "method",
        "allowedRegex": "allowedRegex"
      },
      {
        "method": "method",
        "allowedRegex": "allowedRegex"
      }
    ],
    "partitionName": "partitionName",
    "partition": {
      "name": "name",
      "id": 1
    },
    "clientId": "clientId",
    "bearerPermissions": "bearerPermissions",
    "user": 6
  },
  "refresh_token": "Refresh Token to Be Used in Maintenance Step 2"
}

Example JSON Response
These are not valid values and will not work if used
{
  "access_token": "f7fe0104421243d580ab76b2b7e9e952",
  "expires_in": 3600,
  "scope": {
    "user": 1233988,
    "appPermissions": [
      {
        "method": "GET",
        "allowedRegex": "/v\\d+/user/1233988/personal_meeting.*"
      },
      {
        "method": "GET",
        "allowedRegex": "/v\\d+/user/1233988/scheduled_meeting.*"
      }
    ],
    "partitionName": "z2",
    "partition": {
      "id": 2,
      "name": "z2"
    },
    "bearerPermissions": "list_meetings",
    "clientId": "fdfa9389e3714c7e8872777c54ef18ae",
    "client_id": "fdfa9389e3714c7e8872777c54ef18ae",
    "capabilities": []
  },
  "refresh_token": "MkDZA1YvNvCUFYAHqlzk812c7juPWVEgrLbXycm6rxwSDv27Iwzy8E0RJMO7K0JE1PCzl30AsWBEsfmr1dnzrD0WLvwb3O5lxzeC"
}



--------MAINTENANCE PHASE--------
Steps you will need to perform iteratively to refresh the Access Token

Maintenance Step 1.
Check if Access Token being used is valid with a response code of 200

[GET] https://api.bluejeans.com/oauth2/tokenInfo
URL with Parameters
https://api.bluejeans.com/oauth2/tokenInfo
?access_token=Access Token saved from Application Step 4

Example URL with Parameters
These are valid values and will work if used but may not be valid and return a response code of 404
https://api.bluejeans.com/oauth2/tokenInfo
?access_token=f7fe0104421243d580ab76b2b7e9e952


Maintenance Step 2.
Refresh Access Token if it's expired according to Maintenance Step 2 or every time a user uses the application.

[POST] https://api.bluejeans.com/oauth2/token?Refresh
{
  "refresh_token": "Refresh Token saved from Application Step 4",
  "grant_type": "Must set to: refresh_token",
  "client_secret": "Client Secret saved from Setup Step 2",
  "client_id": "Client ID saved from Setup Step 2"
}

Example POST JSON Values
refresh_token will not work because it will have expired
{
  "refresh_token": "MkDZA1YvNvCUFYAHqlzk812c7juPWVEgrLbXycm6rxwSDv27Iwzy8E0RJMO7K0JE1PCzl30AsWBEsfmr1dnzrD0WLvwb3O5lxzeC",
  "grant_type": "refresh_token",
  "client_secret": "WYM3Xzyaiu2l0nT",
  "client_id": "fdfa9389e3714c7e8872777c54ef18ae"
}
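
The state handling across Application Steps 1 to 3, as an added example that is not part of the original answer and is not BlueJeans code: it generates a per-session state, rejects callbacks whose state does not match, and only then builds the token request body. The parameter names and the authorize URL come from the answer; the function names, the `session` dict and `end_redirect_uri` are assumptions.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHORIZE_URL = "https://bluejeans.com/oauth2/authorize/"  # from Application Step 1


def begin_authorization(session, client_id, redirect_uri, scope, app_name, logo_url):
    """Application Step 1: build the authorize URL with a fresh, unguessable state."""
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = state  # kept server-side, bound to this browser session
    params = {
        "clientId": client_id,
        "redirectUri": redirect_uri,
        "state": state,
        "scope": scope,  # comma-separated permissions
        "responseType": "code",
        "appName": app_name,
        "appLogoUrl": logo_url,
    }
    return AUTHORIZE_URL + "?" + urlencode(params)


def handle_callback(session, callback_url, client_id, client_secret, end_redirect_uri):
    """Application Steps 2-3: verify state, then build the JSON body for the token POST."""
    query = parse_qs(urlsplit(callback_url).query)
    expected = session.pop("oauth_state", None)  # single use: a replayed callback fails
    received = query.get("state", [""])[0]
    if not expected or not hmac.compare_digest(expected.encode(), received.encode()):
        raise ValueError("state mismatch: callback did not originate from this session")
    codes = query.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one authorization code")
    # The code is short-lived (30 seconds per the answer): exchange it immediately,
    # server to server, so client_secret never reaches the browser.
    return {
        "redirectUri": end_redirect_uri,
        "code": codes[0],
        "grant_type": "authorization_code",
        "client_secret": client_secret,
        "client_id": client_id,
    }
```

The returned dict is the JSON body for the POST in Application Step 3; the client secret stays on the server and is never placed in the authorize URL.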