Forum Discussion

Dave1865's avatar
Dave1865
Copper Contributor
Jul 23, 2024

Unable to get authentication token for submitting Universal Print print job

Hi,

 

I'm trying to get the authentication token from the UP server so I can create and submit a print job to a printer share.  I'm using the authority and redirect URIs, along with the client ID, from the GetAADToken.cs code (microsoft-cups fork) but after signing in, with an account that has UP access, the only thing that happens is an empty file named 'nativeclient' is downloaded, no token is generated and the browser window doesn't close.  When I close the browser window I get an error back indicating the request was cancelled.

 

Is it possible to acquire a token from macOS in a third party app so jobs can be submitted directly to a Universal Print printer share?

 

Thanks,

Dave

 

@Braeden_Petruk_MSFT

6 Replies

    • Dave1865's avatar
      Dave1865
      Copper Contributor
      Nov 04, 2024

      jakekaplow 

       

      Hi Jake,

       

      I haven't registered my app in the tenant, seems unnecessary since how would a user of my app know what to register in their tenant?  The executable ipptool (microsoft-cups fork) doesn't need to be registered in my tenant to work.

       

      >Is there a reason you don't want to use the https://aka.ms/universalprint/macos/app?

      The first party app is a Preferences addition and doesn't provide API support that I'm aware of.  I need to talk to the UP server to get the actual IP of the device, but the UP server keeps replying "Unauthorized".  I try to follow the example in GetAADToken (part of Microsoft's fork of CUPS) to get the authentication token but it doesn't work.

       

      For printing (mentioned in the initial message), I've abandoned this approach and I'm using the macOS print queue setup by the first party macOS app.  I still need the real IP of the device, if not in a zero-trust environment, so I scan from the device.

       

      Thanks,

      Dave

       

      • jakekaplow's avatar
        jakekaplow
        Former Employee
        Nov 04, 2024

        Dave1865 

         

        Got it. You can use the client ID in the tool for testing, but you'll need to register your own app if you're building a third-party solution. Regardless, what you're trying to do should still work. Can you try changing the redirect URI to http://localhost ?

         

        You can also try this Python script:

         

        from msal import PublicClientApplication
app = PublicClientApplication('2e8ebe07-1160-4287-b789-a31e5072383a')
token = app.acquire_token_interactive(['https://print.print.microsoft.com/.default'])
print(token)

         

         MSAL Python docs. Access token will be in `token.access_token`.

         

        If it still doesn't work, maybe there's some firewall/network configuration issue. MSAL needs to be able to open a port to get the response from Entra ID. I've also seen some browsers have localhost on their HSTS list. You might need to disable that.

         

        Btw, I don't think you're going to be able to get the IP of the printer from UP.

         

        Jake

Resources