Using OAuth authentication with your application



image avatar

Charles Nadeau

Zendesk Documentation Team

Edited Jun 16, 2025


15

65

65 comments

      Hello

      Can an OAuth client have more than one access token, or bearer token as you may?

      I ran 

      https://{subdomain}.zendesk.com/oauth/tokens

      request twice in a row and the second one revoked my authorization_code. I suspect that it is caused by some sort of Single Access Token Per Subject policy, right?

      Thank you

      0


      Hello

      Is there any way to revoke global OAuth client? What if it was created by the member who left organization?

      Thanks

      0


      Hi Jishnu! We don't currently provide support for the underlying standard (OpenID Connect), so there is not currently any way to retrieve user data from an access token. 

      0


      Hi Team,

      I have followed your instructions and I got the access token. But there is no information about finding the authenticated user-id using the access token.

      Can you please advise me to find authenticated user details?

       

      Thanks

      0


      Hi Marshal, 

      Yes, OAuth token use is supported in Trial accounts. If you are seeing invalid token errors, I would recommend that you double-check our documentation on setting up different OAuth grant flows to ensure that the parameters of your requests are in line with our expected tokens as per that article. If you are still seeing errors, I would recommend that you open a ticket with us, so we can dig deeper and investigate. 

      0


      I have a trial account for zendesk and I am trying to use OAuth for my api requests and it is returning invalid token. If I use basic auth it works but I can't use basic auth for my client side application to make calls because of the CORS policy. I would love to know if it is possible to use OAuth with my trial account?

       

      0


      Actually figured it out just now using the UI - `&login=true`

      0


      Is there an existing query parameter I can use to force login on the authorization step? Currently if a user is already logged in it goes directly to the Authorization screen. I'd like to force users to login every time they go through the flow.
      The use case is that our integration requires an administrator and we can't figure this out until after we retrieve the token and then retrieve the authenticated user by ID

      0


      Not sure if this is the correct place to ask this but I'm trying to create a workaround for limitations in Zendesk Automation, I need to be able to add private comments to a ticket when an automation does change the ticket, just to inform any agent that would open up the ticket after the automation is executed.

      Now I've achieved this using Webhooks to call Zendesk API

      But only by using my own username, this will result in a certain username being placed with the comment, making it look like I made that internal comment.

      My desire is to make it look like the system, which indeed is doing this, made the internal comment.

      It appears that I can't use the Zendesk API Token unless I use my own username, please correct me if I'm wrong

      And I can't get the OAuth Client tokens to work as a bearer token authentication.

      What am I missing?

      Best regards
      Oskar

       

       

      1


      Hi Cheeny Aban,

      I'm implement the contact form from Frontend via Javascript, submit Ticket to Zendesk. Look like this: 

      When I try to POST a ticket to zendesk, I'm facing the CORs issue (I used all tokens, aouth in zendesk setting).

      Ticket's API requires the authorization is "Bearer " + access_token.

      I thought the API get access_token work when I tested via Postman: https://{subdomain}.zendesk.com/api/v2/oauth/tokens
      But no, when I apply API get access token to javascript code. I'm also facing the CORs issue.

      If I implement as in the document at: https://support.zendesk.com/hc/en-us/articles/203663836?page=3#topic_ar1_mfs_qk

      when browser redirect to the url: https://{subdomain}.zendesk.com/oauth/authorizations/new?response_type=code&redirect_uri={your_redirect_url}&client_id={your_unique_identifier}&scope=read%20write

      It forces I have to login into zendesk. It is not feasible for users who do not have an account.

      1


      Sign in to leave a comment.