When I am trying to request this url https://api.citrixonline.com/oauth/authorize?client_id={api_key} in browser taking me to the login page of G2M and asking for the user name and password . Putting this its asking for the allow deny after clicking the allow its redirecting to the redirect_uri with code and exchanging the code its provideing the detail like access_token and all. Can we not eliminate the process for putting the credential and allow click. I mean can we not tied up developer application with a G2W,G2M,G2T personal account.

Thanks in advance...

The Oauth flow is required. Please note that the access token is good for up to one year. So you should rarely need to send the user through this process. 

Thanks Nathan,
Does it mean that we need to go through at least one time in a year to get the access token.
Can we not pass credential programmatically because we do not want to take the user on the citrix login page.

You cannot pass programmatically, it would nulify the purpose of the Oauth flow which is to keep the users login and password private. 

Is there any good way to automate this oAuth process? Is it possible to programmatically "grab" the code= from the redirect URL after a user authenticates and hits allow?

It wasn't that hard for us to automate it, but I would recommend against it. It took a series of 3 http calls for us to programatically bypass the login, but the folks at citrix keep changing the contents of their login page which keeps breaking the oAuth script we wrote. If you cant rely on the same set of responses to your http post every time, then automation's a mute point. I've been in web development for 10 years now and have worked with countless APIs, all of them fully automated. In my opinion an API which requires human interaction is the dumbest thing I've ever heard of, but that's how the folks at citrix designed it. So here we go again, we're fixing our automated process to interact with a new login page again....thanks citrix!

As much as our customer service folks complain about this process breaking on them, there's nothing we can do. From now on, it's not even going to be automated anymore.

Can anybody do this process whenever required. I mean does it require any legal authentication.

salvage cars for sale

How do I bypass the login screen when making an API call? I wsnt to set the email and password while making the call. Please help!


@areichert - up vote +10

OAuth makes sense for app developers that are extending GoTo apps and are being used by the admin/organizer but I doubt that is the case for most of the integrations being done by Citrix customers. To prevent storing the username and password can be easily achieved by having the developer request an application key from an admin interface - then determine how long that key is good for (typically forever) and be able revoke it if necessary. (That is how MailChimp does it and probably many other websites).

I think the vast majority of integrations being done by Citrix customers probably don't fit the OAuth model - for example: registering a user for a webinar, retrieving upcoming webinars to show to customers, showing a user which webinars they are registered for, etc. etc.

Saying that the token is good for a year is just a cop out ... now we store the token and wonder when the day will be that our token stops working and everything fails requiring developer (human) intervention. If you want to do this - just make the tokens never expire and give a method or screen to force expire a token if needed.

Come on guys - make this work properly - developer time is expensive so don't make things harder than they need to be.