Sample: Manage credentials via locally-built custom libraries

To demonstrate how scripting works in Workiva, we previously built a script that updates a cell in a spreadsheet. This article builds upon that example by demonstrating how to perform the same operation using token-based authentication.

Note: Scripting is currently only available through Customize Workiva.  Learn more.

要求

• Workiva Scripting must be enabled for your workspace.Learn more about Workiva Scripting.
• The Script Editor role is required to create or edit scripts.
  
  

Step 1: Create a script file

This script is a variation of the one used in our Sample: Script to update spreadsheets article. This version protects the client ID and client secret, and instead obtains a token that allows the code to authenticate into Workiva.

To build the script in your workspace, follow these steps:

1. From Home, click + Create => Script.
   
2. On the right side, enter a name and brief description for the script.
   
3. Go the the script editor in the middle of the screen and delete any existing code. Copy and paste in the following:
   

   # Welcome to Workiva Scripting import requests import json import os from WorkivaAuth import WorkivaAuth OUTPUT_SS_ID = os.getenv('OUTPUT_SS_ID') OUTPUT_SHEET_ID = os.getenv('OUTPUT_SHEET_ID') SS_API_URL = 'https://api.app.wdesk.com/platform/v1/spreadsheets/' class SSApi: def __init__(self, accessToken, ssId, sheetId): self._accessToken = 'Bearer ' + accessToken self._headers = {'Authorization': self._accessToken} self._ssId = ssId self._sheetId = sheetId def updateRange(self, range, values): url = SS_API_URL + self._ssId + "/sheets/" + \ self._sheetId + "/values/" + range requests.put(url, headers=self._headers, data=json.dumps(values)) def updateSS(outputSSApi: SSApi): values = [] values.append(["Hello World"]) outputSSApi.updateRange('A1', {"values": values}) def main(): authToken = WorkivaAuth.getWorkivaAuthToken() outputSSApi = SSApi(authToken, OUTPUT_SS_ID, OUTPUT_SHEET_ID) updateSS(outputSSApi) print("SS updated!!!") main() 

4. 按一下「儲存」(Save)。
   

Step 2: Generate dependencies on your local machine

As you work through this section, you'll notice this variation does not include any code to generate a token based on client ID and client secret. Rather, the code is abstracted into a locally-created library named WorkivaAuth and then packed into the dependencies.zip bundle alongside the request library.

To follow along, open the terminal on your local machine and complete these steps:

1. Create a folder named Creds.
   

   mkdir Creds

2. Step inside the Creds folder.
   

   cd Creds

3. Create a requirements.txt file with the following content:
   

   ./WorkivaAuth/dist/WorkivaAuth-1.0.tar.gz requests==2.29.0

4. Create a folder named WorkivaAuth.
   

   mkdir WorkivaAuth

5. Step inside the WorkivaAuth folder.
   

   cd WorkivaAuth

6. In the WorkivaAuth folder, create a setup.py file with the following content:
   

   from setuptools import setup, find_packages setup( name='WorkivaAuth', version='1.0', packages=find_packages(), install_requires=[ 'requests' ] ) 

7. In the WorkivaAuth folder, create another folder named WorkivaAuth.
   

   mkdir WorkivaAuth

   Note: This isn't a typo. The correct path is ./WorkivaAuth/WorkivaAuth.

8. Step into the WorkivaAuth folder you just created.
   

   cd WorkivaAuth

9. Create an empty __init__.py file and a WorkivaAuth.py file in the WorkivaAuth/WorkivaAuth folder with the following content:
   

   # WorkivaAuth import requests import json # Replace with the actual URL AUTH_URL = "https://api.app.wdesk.com/iam/v1/oauth2/token" # Define the missing variable CLIENT_ID CLIENT_ID = "your_client_id" # Define the missing variable CLIENT_SECRET CLIENT_SECRET = "your_client_secret" def getWorkivaAuthToken(): data = { 'client_id': CLIENT_ID, 'client_secret': CLIENT_SECRET, 'grant_type': 'client_credentials' } # Replace with the appropriate headers headers = { 'Content-Type': 'application/x-www-form-urlencoded', } tokenRes = requests.post( AUTH_URL, data=data, headers=headers ) tokenResponse = json.loads(tokenRes.text) return tokenResponse['access_token'] 

   You should have now the following folder structure:

    Creds/ |-- WorkivaAuth/ | |-- WorkivaAuth/ | | |-- __init__.py | | |-- WorkivaAuth.py | |-- setup.py |-- requirements.txt

10. Step back into the Creds folder.

    cd ..

    cd ..

11. Run the following commands to generate your WorkivaAuth distribution package. 
    

    cd WorkivaAuth

    python3 setup.py sdist

    cd ..

12. Install the dependency into a new Dependencies directory. 
    

    pip3 install --target ./dependencies --requirement requirements.txt

13. Create a dependencies.zip file.
    

    cd dependencies

    zip -r ../dependencies.zip .

    cd ..

In the final part of this article, we'll show you how to upload this file to the script created in Step 1.

Step 3: Upload dependencies to Workiva

Now that you've created your dependencies file, you'll return to Workiva and upload it as a source.

1. Go to Workiva Scripting and open the script file you created earlier in this article.
2. Go to the Sources panel on the left side; right-click in the blank space just below the current file, and select Upload Source Files.
   
3. Select Browse and locate the dependencies.zip file you created in the previous step.
4. Upload the dependencies.zip file to finish.
   

You should see a non-selectable source named dependencies.zip, indicating you're now ready to authenticate into Workiva without exposing any credentials!