Help

Trying to upload compliance editor guidance to Jamf Pro

wrinks
New Contributor II

Posted on ‎11-13-2023 11:44 AM

Hi all,

 

I'm trying to upload a guidance from Compliance Editor to Jamf pro. I'm at the portion where it's asking for a client ID and secret. I haven't used the jamf API before and I know you need to create a API role first, but I'm not sure what privileges I would need for a compliance editor upload.

Labels:
Reply
4 REPLIES 4

Tangentism
Contributor III

‎11-14-2023 03:38 AM - edited ‎11-14-2023 03:50 AM

The guide (link at the bottom of that page) gives a list of the required API permissions, under the section: Uploading to Jamf Pro > Use safe practices

It shows this require permissions matrix.

Screenshot 2023-11-14 at 11.39.44.png

Reply

wrinks
New Contributor II

Posted on ‎11-14-2023 12:49 PM

Thanks. That answered my question.

 

Problem now is it's still saying it's failing to generate a token and to verify my username and password. I've copied and pasted the client id and secret into the requisite fields so I'm not sure where I'm going wrong...

0 Kudos
Reply

Tangentism
Contributor III

Posted on ‎11-15-2023 02:31 AM

Feel free to use my zsh code:

 

# Jamf API URL
jamfURL="https://[yourserver].jamfcloud.com"

# API Credentials
client_id="xxxxxxx"
client_secret="xxxxxxx"

# TOKEN ACQUSITION

getAccessToken() {
    response=$(
        /usr/bin/curl \
            --silent \
            --location \
            --request POST "${jamfURL}/api/oauth/token" \
            --header "Content-Type: application/x-www-form-urlencoded" \
            --data-urlencode "client_id=${client_id}" \
            --data-urlencode "grant_type=client_credentials" \
            --data-urlencode "client_secret=${client_secret}"
    )
    access_token=$(echo "$response" | plutil -extract access_token raw -)
    token_expires_in=$(echo "$response" | plutil -extract expires_in raw -)
    token_expiration_epoch=$(($current_epoch + $token_expires_in - 1))
}

checkTokenExpiration() {
    current_epoch=$(date +%s)
    if [[ token_expiration_epoch -ge current_epoch ]]; then
        echo "Token valid until the following epoch time: " "$token_expiration_epoch"
    else
        echo "No valid token available, getting new token"
        getAccessToken
    fi
}

invalidateToken() {
    responseCode=$(
        /usr/bin/curl \
            -w "%{http_code}" \
            -H "Authorization: Bearer ${access_token}" $jamfURL/api/v1/auth/invalidate-token \
            -X POST \
            -s -o /dev/null
    )
    if [[ ${responseCode} == 204 ]]; then
        echo "Token successfully invalidated"
        access_token=""
        token_expiration_epoch="0"
    elif [[ ${responseCode} == 401 ]]; then
        echo "Token already invalid"
    else
        echo "An unknown error occurred invalidating the token"
    fi
}
0 Kudos
Reply

Tangentism
Contributor III

Posted on ‎11-15-2023 06:12 AM

Ignore that.... Looking at too many windows to realise you were using their tool.....

0 Kudos
Reply