
Using OAuth authentication with your application




Charles Nadeau

Zendesk Documentation Team

Edited Jan 08, 2025



58 comments

Hi Support,

Once the user has been authenticated, how can we use the Zendesk API to figure out exactly who was just authenticated? Is there an API call we can use to find the id of the user associated with the token and get basic information such as their email and what organization they belong to?

1


Hi Greg!

Excuse me for the late reply and it works well with `Implicit grant flow` &  `Password grant type`, but not with `Authorization code grant flow`. 

Is there a more stepwise guide on how to get that flow working?

 

0


Good evening,

In trying to set up the OAuth authorization flow, I am getting a 405 on the preflight request to /oauth/tokens. I have double, triple and quadruple checked my code against the docs and examples, but with no success. Am I missing something in understanding what Zendesk expects to grant an access token? For example, am I running into errors because my origin is http://localhost:8081 (i.e. not https)? Is there a way to avoid sending a preflight with the OPTIONS method that's returning the 405?

```js
onMounted(() => {
  let authCode;
  if (route.query.code) {
    authCode = route.query.code;
    requestZendeskAccessToken(authCode);
  }
});

const requestZendeskAccessToken = (authCode) => {
  const url = "https://{SUBDOMAIN}.zendesk.com/oauth/tokens";
  const data = {
    'grant_type': 'authorization_code',
    'code': authCode,
    'client_id': '{CLIENT_ID}',
    'client_secret': '{SECRET}',
    'redirect_uri': 'http://localhost:8081/order/search',
    'scope': 'read write'
  };

  axios.post(url, data, {
    headers: {'Content-Type': 'application/json'}
  })
    .then(data => console.log("Successful Access Token Req ", data))
    .catch(err => console.log("Failed Access Token Req ", err));
};

// ...Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
```

1


We are also seeing this issue having cropped up in the last couple of weeks with our application that was working and there have been no changes on our end recently. 

I have noticed in testing that the format of the access_token has changed; it is now twice as long as some of the ones that were created. The older, shorter tokens continue to work, but I get a similar error message to Cesar when using the newer style tokens.

"The access token provided is expired, revoked, malformed or invalid for other reasons."

0


Hi there, 

We would like to allow a 3rd party service to pull data from our Help Center articles via API. If I get this right, OAuth authentication would be a good choice, but I don't see any option to restrict the API requests to read-only. Is this possible? Does my question even make sense? ;-)

0



Dainne Kiara Lucena-Laxamana

Zendesk Customer Care

Hi Georg

This might be an article (OAuth Tokens-Scopes) worth checking out. It provides details regarding the scopes parameter so you can set the access as either "read" or "write". Hope this helps!

0


Thanks, Dainne! 

 

0


Hi Support Team,

How do I renew the token which is generated using https://{{baseurl}}/oauth/tokens? Please help.

0


Hi, is there a way to force a user to re-login when they go through the OAuth flow? I tried adding  "&login=true" to the URL, but that did not work.

0


I am getting this error


 

0



Dainne Kiara Lucena-Laxamana

Zendesk Customer Care

Hi a a
 
Based on the screenshot you provided, I would suggest looking into this developer doc as well to help you with the Help Center API.

The "invalid authorization request no such client" error can occur when the Client ID/secret is incorrect, or if an incorrect redirect URL is configured.

 
The OAuth "Client ID" that should be used is the "Unique Identifier" value that's displayed in the Admin Center > Apps and integrations > APIs > Zendesk APIs > OAuth Clients screen:

If using our APIs to access the list of OAuth clients, it's the "identifier" attribute returned by the /api/v2/oauth/clients endpoint. Make sure to use this identifier value and not the 'id' value returned by the API.

Hope this helps!

0


How to get the Client's data such as email id, username, etc., After being OneAuthenticated in my Application, to be specific after obtaining the access_token, How to extract or fetch the client's Data?

Just like the JSON, we get from the 'me.json' request.

 

1



Dane

Zendesk Engineering

Hi Mullai,

OAuth 2 is used to authenticate all your application's API requests to Zendesk. Once it has been completed, you can refer to Zendesk API, for all the available data that you can extract from your Zendesk instance.

0
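For the question above, and the first comment in the thread, about finding out who a token belongs to: the `me.json` request the poster mentions is `GET /api/v2/users/me.json`, sent with the OAuth access token as a bearer token. The following is an added example, not code from Zendesk or from any poster; the function names and the sample response are constructed, and Node 18+ is assumed for the global `fetch`.

```javascript
// Added example (not Zendesk's code). Function names are hypothetical.

// Constructed sample of the JSON shape returned by /api/v2/users/me.json.
const SAMPLE_ME_RESPONSE = {
  user: { id: 1001, email: "agent@example.test", organization_id: 77, role: "agent" },
};

function buildMeRequest(subdomain, accessToken) {
  if (!/^[a-z0-9][a-z0-9-]*$/i.test(subdomain)) throw new Error("invalid subdomain");
  if (typeof accessToken !== "string" || accessToken === "") throw new Error("missing token");
  return {
    url: `https://${subdomain}.zendesk.com/api/v2/users/me.json`,
    init: { method: "GET", headers: { Authorization: `Bearer ${accessToken}` } },
  };
}

function identityFromMeResponse(status, body) {
  if (status !== 200) throw new Error(`users/me returned HTTP ${status}`);
  const user = body && body.user;
  // Defensive check: a 200 without a concrete user id is not proof of identity,
  // so it must never be used to create or look up a local session.
  if (!user || user.id === null || user.id === undefined) {
    throw new Error("token is not bound to a signed-in user");
  }
  return {
    id: user.id,
    email: user.email,
    organizationId: user.organization_id ?? null,
    role: user.role,
  };
}

async function whoAmI(subdomain, accessToken, fetchImpl = fetch) {
  const { url, init } = buildMeRequest(subdomain, accessToken);
  const res = await fetchImpl(url, init);
  const body = res.status === 200 ? await res.json() : null;
  return identityFromMeResponse(res.status, body);
}
```

Run this on the server that holds the token, and key any local account on the returned `id` rather than on the email address.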


Hello, 

I generated the access token using OAuth client flow with "read" scope. When I try fetching any details, I get this error - 

{
"error": "invalid_token",
"error_description": "The access token provided is expired, revoked, malformed or invalid for other reasons."
}

What am I doing wrong?

0



Dane

Zendesk Engineering

Hi Prashant,

This error means that you are not using a valid token. It's possible that instead of an OAuth, you are just using an API token. Please try to follow the steps again and contact our support directly if you encounter the same issue. 

0


Hi Dane

Is there any way to prevent the delete capability when I need the write scope for tickets and users?

0


To generate the token I use the link https://{{sub-domain}}.zendesk.com/oauth/tokens
After that I try to send a request to the endpoint https://api.getbase.com/v2/leads
and receive this response:

"error": {
"code": "unauthorized",
"details": "Required access token is missing, malformed, expired, or invalid.",
"message": "request is unauthorized"
},
Where is the problem? How do I fix it? I asked support twice but did not receive a suggestion.

0



Mike DR

Zendesk Customer Care

Hey A Walter! Did check our list of scopes here: OAuth Tokens for Grant Types, but there's not a way to exclude the delete capability as it's included in the write scope.

0


Hello! I have tested the two endpoints for revoking a token, and noticed the one ending with /current does not work as expected. I get a 204 response, but I can continue using the same token for future requests.

I did a comparison of the other revoke endpoint that requires you to pass in the /{oauth_token_id} and this works as expected - all subsequent requests return with a 401 unauthorized.

Is this expected, or am I missing something?

I would prefer to use that endpoint because the access token we provide does not have full read scopes, preventing the use of the show token endpoint to retrieve the oauth_token_id and revoke using the working endpoint.

0



Dane

Zendesk Engineering

Hi Robert,

Our Product Team is already aware of this behavior and is actively working on a fix. As of the moment, we don't have an ETA for it. 

0


Hi Greg Katechis,

We have been trying to create a channel app where we are attempting to implement OAuth with a third-party application.
As expected, we have been granted the code to our redirect URL and we generated the access token, but I am clueless as to where I can find information on how to redirect back to the admin UI in the channel app automatically once the OAuth process is completed.
Could you please help me with this?

0



Tipene Hughes

Zendesk Developer Advocacy

Hey Anish,
 
Here's a link to the docs on third-party OAuth tokens. Let me know if this helps at all!

0


Hi Team,

I am using my global identifier as the subdomain instead of subdomain, but nothing is working. Can someone help please?

0


Hi folks! I have this flow working perfectly - only I have had some users state that they normally log in to Zendesk via SSO or Google. Right now my OAuth flow requires them to sign in with username and password - and in some cases - users don't remember their login/password ha! Is there any way to quickly add these methods? Or do I need to develop that from start to finish? Thanks!

0


Hey Zendesk Support Team!

I am trying to implement login thru Zendesk in my UI application and faced an issue with losing the popup window that is opened for the user to log in to Zendesk.

The way it is supposed to work is:

1. User clicks login button

2. It opens a new window and redirects to `/oauth/authorizations/new`

3. Once the user is successfully logged in, on the final redirect, I am preserving the code (for this I need a way to communicate back to the main window)

And it all works fine if the user is already logged in to Zendesk in the same browser session, so on login thru my application it immediately receives the code/token.

But if the user is not signed in to Zendesk yet, then when I open the popup, Zendesk closes it and opens a new one with its login form. Not sure why it can't happen in the same window. And the issue here is that I no longer have a way to communicate with my main window, where the login flow was initiated.

Is this something that was done intentionally? Is there any way to prevent this extra window re-creation?

0


I can get everything to work except the final step when calling “https://{subdomain}.zendesk.com/oauth/tokens”. This is returning a CORS error, and hence, we cannot move forward. All other endpoints work fine, and if I call the endpoint using CURL and the same parameters, I get a valid response. So this is purely a CORS issue. Can you help?

0
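Both CORS reports in this thread (the 405 on the preflight earlier and the one just above) make the `/oauth/tokens` call from browser JavaScript, and the earlier one carries `client_secret` in front-end code. The following added example, which is not code from Zendesk or from either poster, performs the code exchange on a backend instead, where no preflight is involved (the same reason the curl call succeeds) and the secret never reaches the browser. Function names and the injectable `fetchImpl` are assumptions; the endpoint and body fields are the ones quoted in the thread, and Node 18+ is assumed for the global `fetch`.

```javascript
// Added example (not Zendesk's code). Function names and the fetchImpl
// parameter are hypothetical; endpoint and fields come from the thread.

function buildTokenRequest({ subdomain, code, clientId, clientSecret, redirectUri, scope = "read" }) {
  // Reject anything that could change the host the secret is sent to.
  if (!/^[a-z0-9][a-z0-9-]*$/i.test(subdomain)) throw new Error("invalid subdomain");
  if (typeof code !== "string" || code === "") throw new Error("missing authorization code");
  return {
    url: `https://${subdomain}.zendesk.com/oauth/tokens`,
    init: {
      method: "POST",
      headers: { "Content-Type": "application/json" },
      body: JSON.stringify({
        grant_type: "authorization_code",
        code,
        client_id: clientId,
        client_secret: clientSecret, // from server-side config, never bundled into the SPA
        redirect_uri: redirectUri,   // same value that was sent in the authorization step
        scope,
      }),
    },
  };
}

async function exchangeCode(params, fetchImpl = fetch) {
  const { url, init } = buildTokenRequest(params);
  const res = await fetchImpl(url, init);
  if (!res.ok) {
    // Report the status only: the request body holds the secret and the code.
    throw new Error(`token endpoint returned HTTP ${res.status}`);
  }
  const body = await res.json();
  if (typeof body.access_token !== "string" || body.access_token === "") {
    throw new Error("no access_token in response");
  }
  return body.access_token; // keep in the server-side session, not in browser storage
}
```

The single-page app then posts only the `code` it received on the redirect to this backend, which calls `exchangeCode` and returns a session cookie rather than the token itself.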


I’m trying to implement OAuth authentication, but I’m getting a generic error:

 

“Invalid Authorization Request”

• Error: invalid_request

• Description: “The request is missing a required parameter, includes an unsupported parameter or value, or is otherwise malformed.”

 

URL I’m using:

https://{subdomain}.zendesk.com/oauth/authorizations/new?response_type=code&redirect_uri={URI}&client_id={UNIQUE_IDENTIFIER}&scope=read

 

Can you help me debug this?

1


I'm having the same issue as Amit.

 

“Invalid Authorization Request”

• Error: invalid_request

• Description: “The request is missing a required parameter, includes an unsupported parameter or value, or is otherwise malformed.”

 

https://{subdomain}.zendesk.com/oauth/authorizations/new?response_type=code&redirect_uri={URI}&client_id={UNIQUE_IDENTIFIER}&scope=read

 

 

Does anyone have any ideas?

0
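Both reports above show the authorization URL only with placeholders, so the cause of `invalid_request` cannot be read off the page. One thing to rule out is a `redirect_uri` placed in the query string without percent-encoding; the added example below (not code from Zendesk or from the posters) builds the same URL with every value encoded and validates the redirect that comes back. Function names are hypothetical, and `state` is the standard OAuth 2.0 anti-CSRF parameter from RFC 6749, which does not appear in the thread.

```javascript
// Added example (not Zendesk's code). Function names are hypothetical.
// The caller generates `state` with a CSPRNG and stores it in the user's session.

function buildAuthorizationUrl({ subdomain, clientId, redirectUri, scope = "read", state }) {
  if (!/^[a-z0-9][a-z0-9-]*$/i.test(subdomain)) throw new Error("invalid subdomain");
  if (typeof state !== "string" || state.length < 16) throw new Error("state too short");
  new URL(redirectUri); // validation only: throws on a relative or malformed URI
  const url = new URL(`https://${subdomain}.zendesk.com/oauth/authorizations/new`);
  // searchParams percent-encodes each value, so the ':' '/' '?' '&' inside
  // redirect_uri cannot be mistaken for part of the outer query string.
  url.searchParams.set("response_type", "code");
  url.searchParams.set("redirect_uri", redirectUri); // sent exactly as registered
  url.searchParams.set("client_id", clientId);
  url.searchParams.set("scope", scope);
  url.searchParams.set("state", state);
  return url.toString();
}

function readCallback(callbackUrl, expectedState) {
  const params = new URL(callbackUrl).searchParams;
  // Check state first: a callback that does not belong to this session is
  // dropped before anything else in it is trusted.
  if (!expectedState || params.get("state") !== expectedState) {
    throw new Error("state mismatch");
  }
  if (params.has("error")) {
    throw new Error(`authorization failed: ${params.get("error")}`);
  }
  const code = params.get("code");
  if (!code) throw new Error("callback carries no code");
  return code;
}
```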

