Recent searches


No recent searches

Using OAuth authentication with your application



image avatar

Charles Nadeau

Zendesk Documentation Team

Edited Jan 08, 2025


15

58

58 comments

We recently created an integration with Zendesk which allows our agents who are logged into the Zendesk support to have access to an internal tool. Every time agents attempt to access our tool, we're presented with a message to "Allow Access to Your Zendesk Account?" This didn't happen during our testing in our Zendesk sandbox account, but it happens in production. Any thoughts on how to make this a one-time "Allow" rather than requiring it every time they log in?

0


image avatar

Greg Katechis

Zendesk Developer Advocacy

Hi Paul! Could you share a bit more information about this integration and how the auth flow is implemented? Please provide as much detail as you can share in a public forum!

0


image avatar

Greg Katechis

Zendesk Developer Advocacy

Hi Raghav, I responded here!

0


Hello, I'm trying to implement the Password grant type OAuth flow, and I'm having trouble understanding how I'm supposed to obtain the user's username and password in order to request the OAuth token for the first time. This section seems to imply that there is an endpoint to retrieve the username and password I need, but I haven't been able to find this endpoint. Any advice? Thanks

0


Hello,

Do you support OIDC brokering?
Idea is that I have IDP and my web users should authenticate with my IDP via SSO.

 

0


image avatar

Jason Schaeffer

Zendesk Customer Care

Hello Vitaliy,

Zendesk does not currently support OpenID Connect, and according to our product team, this is not currently something on our Road Map.  Apologies for the inconvenience. 

0


The "authenticity_token" mentioned in the comment above https://support.zendesk.com/hc/en-us/articles/203663836/comments/360000042747 doesn't work for me. The format of the csrf_token (which I was able to access using the v1 template api) and this authenticity_token are different. 

0


Hi there. I've implemented the OAuth authentication flow as suggested and have requested the following scopes:

'users:write tickets:write organizations:write identities:write read'

Everything works as expected, except when I try to use Zendesk's API to delete user identities. I get the following error:

{"error":"Forbidden","description":"You are missing the following required scopes: write"}

Shouldn't the 'users:write' scope let me manage user identities? Or do I need an additional scope? Looks like that 'identities:write' is not a valid option

3


Hello Bernardo, 

I'd like to look further into this, I'll be creating a ticket for you, kindly expect an email shortly. 

0


image avatar

Greg Katechis

Zendesk Developer Advocacy

Hi Tiel! Is this in relation to a Zendesk feature or is this just a general question about Oauth?

1


I have been trying to implement OAuth in Rest API.
Please note that I don't have web app(in which I can use redirect URL)
Only Backend - REST api

With all the oauth Authentication types, it is confusing to follow which one is the best to do.?
Which curl commands helps me authenticating with Zendesk successfully using oauth

Is the password grant type best suited for this type with below curl command? or what alternatives we have ?

curl https://{subdomain}.zendesk.com/oauth/tokens \
  -H "Content-Type: application/json" \
  -d '{"grant_type": "password", "client_id": "{your_client_id}", 
    "client_secret": "{your_client_secret}", "scope": "read",
    "username": "{zendesk_username}", "password": "{zendesk_password}"}' \
  -X POST

0


Hi, im generating an OAuth token in Zendesk for our developers, but we are getting :unauthorised" even in the simple curl  command for example:

curl https://obscura.zendesk.com/api/v2/users.json \ -H "Authorization: Bearer gErypPlm4dOVgGRvA1ZzMH5MQ3nLo8bo"

we are getting : {"error":"invalid_token","error_description":"The access token provided is expired, revoked, malformed or invalid for other reasons."}

What are we doing wrong?

0


Hi,

How can I get the full access token within just one API? I'm using javascript to call, and implement a ticket form from my website.

 

1


image avatar

Cheeny Aban

Zendesk Customer Care

Hi Chinh Phan

What do you mean by full access API token? Can you tell us more about your use case so we can check it for you?

 

0


Hi Cheeny Aban,

I'm implement the contact form from Frontend via Javascript, submit Ticket to Zendesk. Look like this: 

When I try to POST a ticket to zendesk, I'm facing the CORs issue (I used all tokens, aouth in zendesk setting).

Ticket's API requires the authorization is "Bearer " + access_token.

I thought the API get access_token work when I tested via Postman: https://{subdomain}.zendesk.com/api/v2/oauth/tokens
But no, when I apply API get access token to javascript code. I'm also facing the CORs issue.

If I implement as in the document at: https://support.zendesk.com/hc/en-us/articles/203663836?page=3#topic_ar1_mfs_qk

when browser redirect to the url: https://{subdomain}.zendesk.com/oauth/authorizations/new?response_type=code&redirect_uri={your_redirect_url}&client_id={your_unique_identifier}&scope=read%20write

It forces I have to login into zendesk. It is not feasible for users who do not have an account.

1


Not sure if this is the correct place to ask this but I'm trying to create a workaround for limitations in Zendesk Automation, I need to be able to add private comments to a ticket when an automation does change the ticket, just to inform any agent that would open up the ticket after the automation is executed.

Now I've achieved this using Webhooks to call Zendesk API

But only by using my own username, this will result in a certain username being placed with the comment, making it look like I made that internal comment.

My desire is to make it look like the system, which indeed is doing this, made the internal comment.

It appears that I can't use the Zendesk API Token unless I use my own username, please correct me if I'm wrong

And I can't get the OAuth Client tokens to work as a bearer token authentication.

What am I missing?

Best regards
Oskar

 

 

1


Is there an existing query parameter I can use to force login on the authorization step? Currently if a user is already logged in it goes directly to the Authorization screen. I'd like to force users to login every time they go through the flow.
The use case is that our integration requires an administrator and we can't figure this out until after we retrieve the token and then retrieve the authenticated user by ID

0


Actually figured it out just now using the UI - `&login=true`

0


I have a trial account for zendesk and I am trying to use OAuth for my api requests and it is returning invalid token. If I use basic auth it works but I can't use basic auth for my client side application to make calls because of the CORS policy. I would love to know if it is possible to use OAuth with my trial account?

 

0


image avatar

Cheeny Aban

Zendesk Customer Care

Hi Marshal, 

Yes, OAuth token use is supported in Trial accounts. If you are seeing invalid token errors, I would recommend that you double-check our documentation on setting up different OAuth grant flows to ensure that the parameters of your requests are in line with our expected tokens as per that article. If you are still seeing errors, I would recommend that you open a ticket with us, so we can dig deeper and investigate. 

0


Hi Team,

I have followed your instructions and I got the access token. But there is no information about finding the authenticated user-id using the access token.

Can you please advise me to find authenticated user details?

 

Thanks

0


image avatar

Greg Katechis

Zendesk Developer Advocacy

Hi Jishnu! We don't currently provide support for the underlying standard (OpenID Connect), so there is not currently any way to retrieve user data from an access token. 

0


Hello

Is there any way to revoke global OAuth client? What if it was created by the member who left organization?

Thanks

0


Hello

Can an OAuth client have more than one access token, or bearer token as you may?

I ran 

https://{subdomain}.zendesk.com/oauth/tokens

request twice in a row and the second one revoked my authorization_code. I suspect that it is caused by some sort of Single Access Token Per Subject policy, right?

Thank you

0


image avatar

Dane

Zendesk Engineering

Hi Vlad, 
 
It can be revoked using the endpoint Revoke Token.
 
@Jonas,
 
As it turns out, you are not allowed to use multiple access tokens. Hence, the behavior you have experienced is expected.

0


Hi Dane,

Thanks for you answer, revoking a token seems to be clear.

Now how about revoking (or deleting/disabling/whatever) OAuth client?

Thanks, Vlad.

0


image avatar

Dane

Zendesk Engineering

Hi Vlad,
 
You can use: Delete Client
 
DELETE /api/v2/oauth/clients/{oauth_client_id}

0


Hi Support, 

I tried the `Authorization code grant flow` and it worked well to get access token (for listing tickets), but the flow does not suit my application.

So I was trying with the `Password grant type` flow. My account (xyz@abc.com) is an "user" instead of an "admin". Thr organization has 2FA enabled. On trying the POST Api, I got the error below.

Is 2FA a blocking factor for such scenario?

 

{
"error": "invalid_grant",
"error_description": "The provided access grant is invalid, expired, or revoked (e.g. invalid assertion, expired authorization token, bad end-user password credentials, or mismatching authorization code and redirection URI)."
}

0


image avatar

Greg Katechis

Zendesk Developer Advocacy

Hi Cesar! 2FA and OAuth should not be an issue. Have you confirmed that the issue is not one of the (relevant) errors provided in the response?

0


Please sign in to leave a comment.