# Overview

The overall steps are the following:

1. Run a local https server for the application (dataUploader)
2. Click on the vafs link below to obtain a code.
3. Send this code to LumiNUS to exchange for an access token.
4. Use the access token within the LumiNUS API queries.

The above workflow ensures that the access token used corresponds to the permissions and privileges of the authenticated users. Anyone can use the dataUploader, but what they can do with it depends on their accorded permissions with LumiNUS.

# Setting up https server

In order to set up a local https server (as opposed to a http server), we need some self-signed certificates. Follow the instructions [here](https://codeburst.io/running-local-development-server-on-https-c3f80197ac4f) if you wish to generate your own certificates.

If you don't wish to generate your own, just use the ones in the repo.

In [1]:
from http.server import HTTPServer,BaseHTTPRequestHandler
import ssl, threading, ast
import ipywidgets as widgets
import http.client, urllib.request, urllib.parse, urllib.error, base64

In [2]:
class SimpleHTTPRequestHandler(BaseHTTPRequestHandler):

    def do_GET(self):
        self.send_response(200)
        self.end_headers()
        #print("Hello")
        #print(self.headers.keys())
        print(self.requestline)
        self.wfile.write(b'Hello, world! Https server is working!')

In [26]:
httpd = HTTPServer(('localhost', 8080), SimpleHTTPRequestHandler)
httpd.allow_reuse_address = True

httpd.socket = ssl.wrap_socket(httpd.socket, keyfile = "cert_stuff/key.pem",
                               certfile="cert_stuff/cert.pem", server_side=True)

In [27]:
t1  = threading.Thread(target=httpd.serve_forever, daemon=True)

try:
    #httpd.serve_forever()
    t1.run()
except KeyboardInterrupt:
    httpd.shutdown()
finally:
    httpd.server_close()
    
# Use I I to send the keyboard interrupt signal

127.0.0.1 - - [16/Mar/2021 10:17:53] "GET /dataUploader?code=QsTtglsPMkmCs45vThVdjg._guPtCHo2Ah54vEIFhI3fXe6VBI.UGYPcnYatEwmWU3_JhmxiRaxatykbcz4gv0t9p0nElIqvEdbQxTfVSKZ6QQC0UBXOvNar-IKFIw4M87OCRR6CAGjDvsck7hZwFsljZOkPHWyKwIc9EKoV5KbfHHMlxbLdtgw947e6v3Jy6aapmIXiAbUjt0N2FE_MmpAYnUiwiWeAFQ__ZcZtFO7MwLlAYooaG1TJnIuT-mQYWkwAvl_MaLnnVuAwGqPVnX12L7hqT38si8hnS9qCYno_8T6UhF-FkmhIXf-QpdtL2Rr28fg2-Pk7Pp7NbCeZmhXoHUDxnIJbHR5xp0Mqr7Jq_JPGR0QpWfIMp4wtJ8GeOJhAGhVqg HTTP/1.1" 200 -


GET /dataUploader?code=QsTtglsPMkmCs45vThVdjg._guPtCHo2Ah54vEIFhI3fXe6VBI.UGYPcnYatEwmWU3_JhmxiRaxatykbcz4gv0t9p0nElIqvEdbQxTfVSKZ6QQC0UBXOvNar-IKFIw4M87OCRR6CAGjDvsck7hZwFsljZOkPHWyKwIc9EKoV5KbfHHMlxbLdtgw947e6v3Jy6aapmIXiAbUjt0N2FE_MmpAYnUiwiWeAFQ__ZcZtFO7MwLlAYooaG1TJnIuT-mQYWkwAvl_MaLnnVuAwGqPVnX12L7hqT38si8hnS9qCYno_8T6UhF-FkmhIXf-QpdtL2Rr28fg2-Pk7Pp7NbCeZmhXoHUDxnIJbHR5xp0Mqr7Jq_JPGR0QpWfIMp4wtJ8GeOJhAGhVqg HTTP/1.1


127.0.0.1 - - [16/Mar/2021 10:17:53] "GET /favicon.ico HTTP/1.1" 200 -


GET /favicon.ico HTTP/1.1


While the server is running, click on this link to authenticate with LumiNUS:

[Authentication link](https://vafs.nus.edu.sg/adfs/oauth2/authorize?response_type=code&client_id=INC000002292056&redirect_uri=https://localhost:8080/dataUploader&resource=sg_edu_nus_oauth)

The code will be returned to the server above. Copy the code and save it using the widget below. You can kill the http server now.

# Extracting code

In [28]:
code = widgets.Text(value='', placeholder='Paste code here', description='code:')
code

Text(value='', description='code:', placeholder='Paste code here')

# Exchanging for Token

The next step is to use the code value to exchange for a token which can then be used with the API. The corresponding help page on the developer API is this [one](https://luminus.portal.azure-api.net/docs/services/Login/operations/GetADFSAccessToken?).

In [29]:
headers = {
    'Ocp-Apim-Subscription-Key': 'e02ac553a8ed4da7a3762fc8195b4db0',
    'Content-Type': 'application/x-www-form-urlencoded'
}

In [30]:
body = 'grant_type=authorization_code&client_id=INC000002292056&resource=sg_edu_nus_oauth&code=' + \
       code.value + '&redirect_uri=https://localhost:8080/dataUploader'
# body

In [31]:
conn = http.client.HTTPSConnection('luminus.azure-api.net')
conn.request("POST", "/login/ADFSToken", body, headers)
response = conn.getresponse()
data = response.read()
#print(data)

In [32]:
data_dict = ast.literal_eval(data.decode("UTF-8"))
a_token = data_dict["access_token"]

In [33]:
a_token

'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJodHRwOi8vc2NoZW1hcy5taWNyb3NvZnQuY29tL3dzLzIwMDgvMDYvaWRlbnRpdHkvY2xhaW1zL3JvbGUiOlsiU3R1ZGVudCIsIlRBIiwiRGFzaGJvYXJkTmV3c1N0dWRlbnQuVmlldyJdLCJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiOiJqb2VsdGFud3JAdS5udXMuZWR1Iiwic3ViIjoiZmM0MzkwMmQtNjc2ZS00MGZhLWE5ZjctODA5MWQ4Yjc3MGY2Iiwic2FtQWNjb3VudE5hbWUiOiJlMDE5Njg0OCIsIm5iZiI6MTYxNTg2MTA4NywiZXhwIjoxNjE1OTQ3NDg3fQ.kaLHvf5VGy43aBNgvk18wxkcQfutEViAy1vNHlngP1w'

# Calling LumiNUS API


## Getting User Profile

The reference page for this request is [this one](https://luminus.portal.azure-api.net/docs/services/User/operations/GetMyProfile/console).

In [34]:
headers = {
    # Request headers
    'Ocp-Apim-Subscription-Key': 'e02ac553a8ed4da7a3762fc8195b4db0',
    'Content-Type': 'application/json',
    'Authorization': f'Bearer {a_token}'
}

In [38]:
conn = http.client.HTTPSConnection('luminus.azure-api.net')
# conn.request("GET", "/user/Profile?%s" % params, "{body}", headers)
conn.request("GET", "/user/Profile", headers=headers)
response = conn.getresponse()
data = response.read()

In [39]:
data

b'{"id":"fc43902d-676e-40fa-a9f7-8091d8b770f6","userID":"e0196848","userNameOriginal":"JOEL TAN WAN RONG","userMatricNo":"A0170893W","userFaculty":"Faculty of Science","nickName":"anon","mobileNo":"91998040","officialEmail":"e0196848@u.nus.edu","email":"e0196848@u.nus.edu","displayPhoto":false}'

In [41]:
data_dict = ast.literal_eval(data.decode('UTF-8').replace('true', 'True').replace('false', 'False'))

In [42]:
data_dict

{'id': 'fc43902d-676e-40fa-a9f7-8091d8b770f6',
 'userID': 'e0196848',
 'userNameOriginal': 'JOEL TAN WAN RONG',
 'userMatricNo': 'A0170893W',
 'userFaculty': 'Faculty of Science',
 'nickName': 'anon',
 'mobileNo': '91998040',
 'officialEmail': 'e0196848@u.nus.edu',
 'email': 'e0196848@u.nus.edu',
 'displayPhoto': False}

In [43]:
conn.close()

## Files API call

I would like to be able to use [this call](https://luminus.portal.azure-api.net/docs/services/Files/operations/AddFolder?) to set access rights to individual files.