I’m building a script to download video files from our Zoom account and then upload them to a team drive.
The Zoom API returns a download URL for the video file, but as we have SAML enabled, it’s necessary to authenticate before you’re redirected to the file.
I’ve been messing around with a bunch of Okta’s authentication APIs, but I’m not really getting anywhere.
My current flow is as follows:
Get a session token from Okta’s auth API /api/v1/authn
Exchange the session token for a session cookie using api/v1/sessions?additionalFields=cookieToken
Pass this cookie to the URL request.
It obviously isn’t working, but I’m not sure if this is because the flow is wrong or because there is an issue with the authentication.
You can obtain the SSO AppLink URL from your end-user dashboard via your browser devtools for the chiclet, the app settings (under embed link) in the admin app, or via the AppLinks API (e.g. /api/v1/users/me/appLinks).
The problem I’m having is that after I post the session token to the AppLink URL, and then scrape the URL and samlResponse from the HTML response I get back, then post it to the URL, I appear to be successfully logged in.
However, even after extracting the cookies from this response, and performing all of this from within a requests.Session(), when I then try to get the URL with the video, it just pushes me back to the original login screen.
Your use case is really outside of the intended product scenarios as you are trying to use a browser-based SSO protocol with cookies via a headless API client. The AppLink URL is intended to be used only by a browser. I would maybe investigate using something more like https://github.com/GoogleChrome/puppeteer if you want to use SAML-based authentication in a scriptable way.
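The "scrape the URL and samlResponse from the HTML" step discussed in this thread, as an added example that is not code from any poster: it parses a SAML auto-post form with an HTML parser, so entity-encoded hidden values are decoded before re-posting, and it fails loudly when the page is a login form rather than an assertion. The host sp.example.com, the form layout and the assertion content are constructed for illustration and are not taken from Okta or Zoom.

```python
import base64
from html.parser import HTMLParser

# Constructed stand-in for the assertion XML (not a real SAML response).
ASSERTION_XML = b"<Response>constructed</Response>"
B64 = base64.b64encode(ASSERTION_XML).decode()
# Entity-encode base64 punctuation the way auto-post pages may do in attributes.
ENCODED = "".join(f"&#x{ord(c):x};" if c in "+/=" else c for c in B64)

# Constructed auto-post page; the URL and field layout are assumptions.
SAMPLE_HTML = f"""
<html><body onload="document.forms[0].submit()">
<form method="post" action="https://sp.example.com/saml/acs?x=1&amp;y=2">
<input type="hidden" name="SAMLResponse" value="{ENCODED}"/>
<input type="hidden" name="RelayState" value="https://sp.example.com/rec/1"/>
</form></body></html>
"""

class AutoPostForm(HTMLParser):
    """Collects the first form's action and its named input values."""
    def __init__(self):
        super().__init__()
        self.action, self.fields, self.in_form = None, {}, False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)  # HTMLParser has already unescaped attribute values
        if tag == "form" and self.action is None:
            self.action, self.in_form = a.get("action"), True
        elif tag == "input" and self.in_form and a.get("name"):
            self.fields[a["name"]] = a.get("value") or ""

    def handle_endtag(self, tag):
        if tag == "form":
            self.in_form = False

def parse_saml_form(html_text):
    """Return (acs_url, fields) or raise ValueError if no assertion is present."""
    p = AutoPostForm()
    p.feed(html_text)
    if not p.action or "SAMLResponse" not in p.fields:
        raise ValueError("no SAML auto-post form found (login page returned?)")
    # Strict decode: leftover entities or truncation raise instead of passing.
    base64.b64decode(p.fields["SAMLResponse"], validate=True)
    return p.action, p.fields

if __name__ == "__main__":
    url, fields = parse_saml_form(SAMPLE_HTML)
    print(url, sorted(fields))
```

Running the same check on every response in the chain shows which hop returned a login page instead of an assertion.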