Using OAuth authentication with your application

Return to top

44 Comments

  • David Blevins

    Hi Support,

    Once the user has been authenticated, how can we use the ZenDesk API to figure out exactly who was just authenticated?  Is there an API call we can use to find the id of the user associated with the token and get basic information such as their email and what organization they belong to?

    1
  • Cesar Mak

    hi Greg!

    Excuse me for the late reply and it works well with `Implicit grant flow` &  `Password grant type`, but not with `Authorization code grant flow`. 

    Is there a more stepwise guide on how to get that flow working?

     

    0
  • IT Support

    Good evening,

    In trying to setup the oauth authorization flow, I am getting a 405 on the preflight request to /oauth/tokens. I have double, triple and quadruple checked my code against the docs and examples, but with no success. Am I missing something in understanding what Zendesk expects to grant an access token? For example, am I running into errors because my origin is http://localhost:8081(i.e. not https)? Is there a way to avoid the sending a preflight with the OPTIONS method that's returning the 405?

    onMounted(() => {
    let authCode;
    if (route.query.code) {
      authCode = route.query.code
      requestZendeskAccessToken(authCode)
    };
    })

    const requestZendeskAccessToken = (authCode) => {
    const url = "https://{SUBDOMAIN}.zendesk.com/oauth/tokens";
    const data = {
      'grant_type': 'authorization_code',
      'code': authCode,
      'client_id': '{CLIENT_ID}',
      'client_secret': '{SECRET}',
      'redirect_uri': 'http://localhost:8081/order/search',
      'scope': 'read write'
    }

    axios.post(url, data, {
      headers: {'Content-Type': 'application/json'}
    })
      .then(data => console.log("Successful Access Token Req ", data))
      .catch(err => console.log("Failed Access Token Req ", err));
    }

    // ...Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
    1
  • Robert Newman

    We are also seeing this issue having cropped up in the last couple of weeks with our application that was working and there have been no changes on our end recently. 

    I have noticed in testing that the format of the access_token has changed it is now twice as long as some of the ones that were created. The older shorter tokens continue to work but I get a similar error message to Cesar when using the newer style tokens. 

    "The access token provided is expired, revoked, malformed or invalid for other reasons."

    0
  • Georg

    Hi there, 

    We would like to allow a 3rd party service to pull data from our Help Center articles via API. If I get this right, OAuth authentication would be a good choice, but I don't see any option to restrict the API requests to ready-only. Is this possible? Does my question even make sense? ;-) 

    0
  • Dainne Lucena
    Zendesk Customer Care

    Hi Georg

    This might be an article (OAuth Tokens-Scopes) worth checking out. It provides details regarding the scopes parameter so you can set the access as either "read" or "write". Hope this helps!

    0
  • Georg

    Thanks, Dainne! 

     
    0
  • Pavan

    Hi Support Team,

    How do I renew the token which is generated using https://{{baseurl}}/oauth/tokens? Please help.

    0
  • Wyatt

    Hi, is there a way to force a user to re-login when they go through the OAuth flow? I tried adding  "&login=true" to the URL, but that did not work.

    0
  • a a

    i am getting this error


     

    0
  • Dainne Lucena
    Zendesk Customer Care

    Hi a a
     
    Based from the screenshot you provided I would suggest looking into this developer doc as well to help you with the Help Center API.

    The "invalid authorization request no such client" error can occur when the Client ID/secret is incorrect, or if an incorrect redirect URL is configured.

     
    The OAuth "Client ID" that should be used is the "Unique Identifier" value that's displayed in the Admin Center > Apps and integrations () > APIs > Zendesk APIs > OAuth Clients screen:

    If using our APIs to access the list of OAuth clients, it's the "identifier" attribute returned by the /api/v2/oauth/clients endpoint. Make sure to use this identifier value and not the 'id' value returned by the API.

    Hope this helps!

    0
  • Mullai Rajan

    How to get the Client's data such as email id, username, etc., After being OneAuthenticated in my Application, to be specific after obtaining the access_token, How to extract or fetch the client's Data?

    Just like the JSON, we get from the 'me.json' request.

     

    1
  • Dane
    Zendesk Engineering
    Hi Mullai,

    OAuth 2 is used to authenticate all your application's API requests to Zendesk. Once it has been completed, you can refer to Zendesk API, for all the available data that you can extract from your Zendesk instance.
    0
  • Prashant Bajpai

    Hello, 

    I generated the access token using OAuth client flow with "read" scope. When I try fetching any details, I get this error - 

    {
    "error": "invalid_token",
    "error_description": "The access token provided is expired, revoked, malformed or invalid for other reasons."
    }

    What am I doing wrong?

    0

Please sign in to leave a comment.

Powered by Zendesk