-
Notifications
You must be signed in to change notification settings - Fork 305
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
How can I login or logout using the streams API? #13
Comments
No, unfortunately. Your users will need to log into Connect first, or you can have the Streams API pop-up the login screen. It’s not ideal, but that’s the state of the state.
…On Aug 10, 2017, 2:43 PM -0500, Sean Romocki ***@***.***>, wrote:
Hello,
I was wondering if it's possible to log an agent in and out using the Streams API. Since I will be eventually hiding the Amazon CCP I need to be able to do this functionality.
Thanks,
Sean
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.
|
@autrey Understood. Are there any plans for alternative authentication options in the future? |
Just chiming in that this is also an issue for us. As much as AWS deserves credit for a good product, in our CMS we want to downplay the Amazon Connect branding (I'm sure they've heard that before), and it looks (and kind of is) unprofessional to have a pop-up in the middle of the login flow, especially since it means we also have to instruct how to disable Chrome's built-in pop-up blocker which catches it. Our workaround is to have a "Login" button that really just stands in front of the call to initializing the CCP and letting it summon the pop-up. I've read that AWS supports Kerberos authentication, but we would require it without the Microsoft Active Directory baggage, and I don't know if it's feasible for us to evaluate a custom solution and give certificates to each user. Long story short: Amazon, please give us login and logout options for our users, whether it's part of the amazon-connect-streams API or a part of the broader Amazon Connect service offering. It "shouldn't" be, but a clunky second login stream for agents is a big quality issue, and it seems like it should be fixable to give us developers more control without going all the way to requiring Microsoft Active Directory or Kerberos. |
I agree with the concerns others have expressed on this thread. My team is currently evaluating this product as well as other similar services for a new webapp. Amazon connect excels in some areas, but the login mechanism for connect requiring its own popup - once already granted access to our webapp - is too cumbersome. Also, once authenticated it doesn't close the popup, but instead remains open with just the ccp in the tab. The user has to switch tabs back to our webapp. |
@sromocki Unfortunately, I haven't heard, but I'm not on the Amazon team. My team has worked with Connect as a very early partner, but I don't have that kind of insider knowledge :-) I'll post if I hear anything I'm able to share. I do agree with everyone that this is a very reasonable and desirable feature to have. PS - (Just an idea) If your organization has AWS support, complete a support ticket referencing this issue. I do know that the Connect team is adjusting their roadmap based on customer feedback. The more votes for this, the closer it is to becoming a reality. I'll create a ticket as well. |
When I authenticate with my amazon connect credentials on the other page and when i come to my web page, it is taking lot of time to trigger connect.agent(...). Is there something, I am missing. Any help on this would be appreciated. |
There are a few questions here so I'll answer them as accurately as I can:
|
I see that there is an application for the preview, but is there any further documentation on how this would work? We do not currently have or need SSO, but would consider using it if only to cleanup the login process. Does using implementing SSO just for this purpose seem reasonable, or would it make more sense to just wait for point (3) to be addressed? |
@ninjamike54 in your post on Jan 30th you said that you can't log in via the streams API; however, you didn't mention log out. Is there a way to log out the agent via the streams API? If not, is there anyway to allow an agent to log out if we have the CCP hidden inside an iframe and not visible to the user? |
There's nothing in the documentation for this, but you could dig through the source code to find something. I bet it's not there, but here's a thought: Since we already have to use the login page, and can't hide the Connect branding yet, it might not be too painful for you to provide a link to the CCP in a new window (https://INSTANCE.awsapps.com/connect/ccp#/), and the user could log out from there. It's not a pretty solution, but a way to get out of embedding the stock CCP if that was the only reason to do so. |
@mschersten I have been trying to dig through the source but haven't gotten anywhere so far. I had already manually tried doing what you are suggesting; however, there seem to be issues with that. For one thing I am not getting the connect.EventType.AUTH_FAIL or connect.EventType.TERMINATE event in my page. It looks like the embedded CCP is trying to display the login page; however, it isn't trying to use a popup in this case and all I see in the console is: Refused to display 'https://INSTANCE.awsapps.com/connect/login?landat=%2Fconnect%2Fccp#/' in a frame because it set 'X-Frame-Options' to 'sameorigin'. If I can catch the fact that the agent isn't logged in anymore in my page I could do something to indicate that; however, I haven't found a way to catch that as of yet. |
Apperently I needed to subscribe to the connect.EventType.TERMINATED event instead of the connect.EventType.TERMINATE event. That gets hit when the agent logs out from the CCP in another window. Thank you @mschersten :) |
@AzerinnD - I tried your strategy today, but it doesn't seem to work for me. As a starting place, I just did this:
Then I tried logging out in a separate tab, but the callback was never fired. Do you see something I'm missing? Our workaround for logging out right now is to include a "Logout" link in our UI that does a few cleanup things and then redirects to https://INSTANCE.awsapps.com/connect/logout I was glad to find this thread. We're really hoping for cleaner login and logout options soon, too. EDIT: Scratch the first part. I was looking at another issue and realized what I was missing. In case anyone else needs it, this works:
Thanks for the tip on how to get this info! |
Sorry, I completely forgot to mention logging out in my previous answer. I can see logging out as something that we would give API access to; I'm not sure whether it would be natively on the Streams API (we'll have to figure out what that would look like), but it might make sense. Logging in, however, is unlikely in my view to end up on the Streams API since it's fundamentally designed to interact with an authenticated user. It's possible to programmatically sign in and initialize the Streams library with that authentication context (via SAML / SSO which I linked above and has fully launched at this point), but I find it doubtful that there'll be a direct API within THIS library for signing in. I'll cut a tracking item on our side to look into exposing logout on Streams, and what that would involve. Hold tight for an update, I'll let you all know when I know more. |
@ninjamike54 - Thanks for keeping us posted. I think we'd be ok with a separate login tab as long as there's some way to close it and/or redirect the user back to the custom UI after they log in. |
I want to share an idea that I've suggested to AWS support. While it sounds like getting rid of the login page altogether isn't going to be possible, if we could just replace the Connect logo with our own image that would remove the most visible branding. The url will still include awsapps, but that's a little less intrusive then the logo itself. I envision this as a part of the AWS console rather than the Connect console, where we set recording and whitelisting and available Lexbots and things like that. |
@mschersten between that and allowing us to supply a redirect url, a config option to display a simple page saying to close the window, or something along similar lines (so that after login the regular CCP is not displayed). It would go a long way towards solving the issues with agent login (at least for us) |
@ninjamike54 - Thanks for the details to date. Have any of the requests from this topic made it onto a roadmap? I'm most interested in login branding and redirect URL. |
I've got the very same issue; once I've logged out using the link in the iframe, I can't log back in because of the error above. The first request to the ccpUrl, which is 'https://INSTANCE.awsapps.com/connect/ccp#', returns a Location header: Location: /connect/login?landat=%2Fconnect%2Fccp But then the same server complains about its own X-Frame-Options. That's a bit silly. I'm using SAML here for federated SSO. |
Hi @ninjamike54 - has any progress been made on this? The best I've managed so far is to call the |
Hi, this thread has been open a long time, and its something that we are still aware of. An internal team is working on this feature, but it is a big effort, so I'm unable to a proper estimate for when our authentication story will improve. When we do release this change, it will be announced in this repo and by Amazon Connect as an organization. |
@ctwomblyamzn - 10 months later, looking for an update. |
Hi @CiscoKidxx unfortunately, no updates to share. We are still aware of the feature request and it is being tracked. That's all of the information I have at this time. |
Any news on this? Considering implementing SSO but a Log in/out option in the API/SDK/CLI in some form would be really useful. |
Are the connect users stored using a cognito pool? |
I think we're encountering a similar issue to what @alxx and @AzerinnD have described above. We log-out by calling the
It takes a few seconds until the connect panel refreshes itself and re-initializes. You can see a quick example here of this behavior when signing back into connect. We've implemented the auth flow with Cognito as IDP as described in the video call escalation example. Is there any way I could fix this in my implementation? Is there any url param to provide on login so that we don't have to wait for the connect instance's refresh? |
This issue is stale because it has been open for 90 days with no activity. Remove stale label or comment to keep this active. |
It has been a while and we are closing this for now. Please reopen if this is still an issue |
Any update yet about login option using API or SDK? |
Hello,
I was wondering if it's possible to log an agent in and out using the Streams API. Since I will be eventually hiding the Amazon CCP application I need to be able to do this functionality. Also, is SSO a possibility?
Thanks,
Sean
The text was updated successfully, but these errors were encountered: