The Vertec Python module "vtcauth" for easy login via OAuth.
As of version 6.8, Vertec provides the Python module vtcauth, which makes OAuth authentication available in arbitrary extensions and Python scripts in Vertec.
The module includes a decorator, authenticate, to which a config dictionary is passed as an argument.
The parameters that can be passed in the config dictionary are the following instance variables, which exist in vtcauth:
| Parameter | Description |
|---|---|
| prefix | A prefix can be used to automatically read and save the following values from Vertec properties: The properties, including the prefix, must be named exactly as follows: If a prefix is specified in the config, these values are automatically read from or saved in the Vertec properties. If no prefix is specified, these configurations must be specified individually in the config. |
| logging | Default value is |
| client_id | Corresponds to the Application ID. Must be specified only if not covered via prefix. |
| client_secret | Corresponds to the Application Secret. Must be specified only if not covered via prefix. |
| individual_login | Default value is |
| scope | Defines the amount of access the application requires to a user's resources. Default (MS Graph): "https://graph.microsoft.com/.default offline_access". Required only if OAuth is to be used for another endpoint. |
| use_password | As of Vertec 6.8.0.12. This is a legacy feature of OAuth, which should only be used if the third-party system does not support any other login. Default value is False. If set to True, the login is done via username and password. |
| username | Used when use_password is set to True. |
| password | Used when use_password is set to True. |
| response_mode | Default value is |
| redirect_uri | Corresponds to the Vertec callback address and cannot be overridden with the config until Vertec 6.8.0.11. As of Vertec 6.8.0.12 the redirect_uri can be overridden in the config. This is needed for use in scheduled tasks in the Cloud Suite, where the Vertec callback address returns 127.0.0.1:8081, which is not sufficient for the automated scheduled task. |
| tenant_id | Required when using MS Graph and must be specified in the config accordingly. |
| auth_base_url | Authorization endpoint. Default (MS Graph): "https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/authorize". Required only if OAuth is to be used for another endpoint. |
| token_endpoint | Endpoint for the tokens. Designed for MS Graph by default: "https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token". Required only if OAuth is to be used for another endpoint. |
| access_token | AccessToken. Must be specified only if not covered via prefix. |
| refresh_token | RefreshToken. Must be specified only if not covered via prefix. |
The minimum call (for MS Graph) in a script looks like this:
```python
from vtcauth import authenticate

# config example using Vertec properties with prefix
config_prefix = {
    "tenant_id": "xxxxxxxxxxxxxxxxxxx.onmicrosoft.com",
    "prefix": "DmsSharePoint",
    "logging": True,
}


class SharePointSiteQuery:

    # using decorator from vtcauth with config_prefix dict
    @authenticate(config_prefix)
    def get_sites_with_prefix_config(self):
        # the authenticated request goes here
        pass
```
The entire OAuth authentication takes place via the decorator @authenticate(config_prefix).
If the user is not already logged in to the targeted application, he has one minute to authenticate. If he does not log in to the open login dialog of the targeted product within one minute, there is a timeout.
If the token is expired or invalid, a TokenExpiredException is raised. This triggers the OAuth mechanism to fetch new tokens. If a RefreshToken is present and valid, the AccessToken is fetched with the RefreshToken. The exception can be raised a maximum of three times in the same call (by default), after which an error is thrown.
In this example, the first 10 sites of a SharePoint are displayed (MS Graph with OAuth authentication):
```python
import requests
from vtcauth import authenticate, TokenExpiredException

# config example using Vertec properties with prefix
config_prefix = {
    "tenant_id": "xxxxxxxxxxxxxxxxxxx.onmicrosoft.com",
    "prefix": "DmsSharePoint",
    "logging": True,
}


class SharePointSiteQuery:

    # using decorator from vtcauth with config_prefix dict
    @authenticate(config_prefix)
    def get_sites_with_prefix_config(self):
        return self.get_sites()

    def get_sites(self):
        # self.access_token is used as the bearer token for MS Graph
        headers = {
            "Authorization": "Bearer {}".format(self.access_token),
            "Content-Type": "application/json",
        }
        response = requests.get("https://graph.microsoft.com/v1.0/sites?search=*&$top=10", headers=headers)
        if response.ok:
            content = response.json()
            return content
        elif response.status_code == requests.codes.unauthorized:
            # expired or invalid token: triggers the OAuth mechanism to fetch new tokens
            raise TokenExpiredException
        else:
            print(response.json().get("error").get("code") + ' - ' + response.json().get("error").get("message"))


query = SharePointSiteQuery()
query.get_sites_with_prefix_config()
```
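The retry behaviour described above for TokenExpiredException, as an added sketch that is not vtcauth's own code: a stand-in decorator renews the token and re-runs the method, giving up after three renewals. The names authenticate_sketch, FakeTokenSource and run_demo are hypothetical, and both the reading of the limit as "three renewals, then an error" and the fallback to a login when no valid RefreshToken exists are assumptions.

```python
# Added illustration, not vtcauth's code: every name below is hypothetical.
import functools

class TokenExpiredException(Exception):
    """Stand-in for the exception of the same name exported by vtcauth."""

class FakeTokenSource:
    """Constructed stand-in for the token endpoint and the login dialog."""
    def __init__(self, has_valid_refresh_token):
        self.has_valid_refresh_token = has_valid_refresh_token
        self.log = []

    def renew(self):
        # Assumption: use the refresh token if valid, otherwise a new login.
        self.log.append("refresh" if self.has_valid_refresh_token else "login")
        return "token-%d" % len(self.log)

def authenticate_sketch(source, max_renewals=3):
    """Re-run the method after each TokenExpiredException, at most max_renewals times."""
    def decorator(method):
        @functools.wraps(method)
        def wrapper(self, *args, **kwargs):
            for renewals in range(max_renewals + 1):
                try:
                    return method(self, *args, **kwargs)
                except TokenExpiredException:
                    if renewals == max_renewals:
                        raise RuntimeError("token rejected after %d renewals" % max_renewals)
                    self.access_token = source.renew()
        return wrapper
    return decorator

def run_demo(accepted_token, has_valid_refresh_token=True):
    """Call a decorated method against a fake API that accepts one token value."""
    source = FakeTokenSource(has_valid_refresh_token)

    class Client(object):
        access_token = "stale"  # constructed: an expired token read from storage
        @authenticate_sketch(source)
        def get_sites(self):
            if self.access_token != accepted_token:
                raise TokenExpiredException  # what the script raises on HTTP 401
            return "sites fetched with " + self.access_token

    try:
        return Client().get_sites(), source.log
    except RuntimeError as exc:
        return str(exc), source.log
```

The bound matters because a token that is rejected for a reason other than expiry would otherwise be renewed in an endless loop.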
The Vertec SharePoint Extension now also uses the module vtcauth internally. This does not change the operation of the extension.
The module vtcauth is also supplied as a Stub File.
As of Vertec 6.8.0.12 the module vtcauth can also be used via scheduled tasks.
If individual registration is used, the following steps must be taken:
expires_at is stored in a user property and can be queried by the administrator, if logged in to Vertec, via vtcapp.getpropertyvalue().