Using OAuth authentication with your application

Return to top


  • David Blevins

    Hi Support,

    Once the user has been authenticated, how can we use the ZenDesk API to figure out exactly who was just authenticated?  Is there an API call we can use to find the id of the user associated with the token and get basic information such as their email and what organization they belong to?

  • Cesar Mak

    hi Greg!

    Excuse me for the late reply and it works well with `Implicit grant flow` &  `Password grant type`, but not with `Authorization code grant flow`. 

    Is there a more stepwise guide on how to get that flow working?


  • IT Support

    Good evening,

    In trying to setup the oauth authorization flow, I am getting a 405 on the preflight request to /oauth/tokens. I have double, triple and quadruple checked my code against the docs and examples, but with no success. Am I missing something in understanding what Zendesk expects to grant an access token? For example, am I running into errors because my origin is http://localhost:8081(i.e. not https)? Is there a way to avoid the sending a preflight with the OPTIONS method that's returning the 405?

    onMounted(() => {
    let authCode;
    if (route.query.code) {
      authCode = route.query.code

    const requestZendeskAccessToken = (authCode) => {
    const url = "https://{SUBDOMAIN}";
    const data = {
      'grant_type': 'authorization_code',
      'code': authCode,
      'client_id': '{CLIENT_ID}',
      'client_secret': '{SECRET}',
      'redirect_uri': 'http://localhost:8081/order/search',
      'scope': 'read write'
    }, data, {
      headers: {'Content-Type': 'application/json'}
      .then(data => console.log("Successful Access Token Req ", data))
      .catch(err => console.log("Failed Access Token Req ", err));

    // ...Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
  • Robert Newman

    We are also seeing this issue having cropped up in the last couple of weeks with our application that was working and there have been no changes on our end recently. 

    I have noticed in testing that the format of the access_token has changed it is now twice as long as some of the ones that were created. The older shorter tokens continue to work but I get a similar error message to Cesar when using the newer style tokens. 

    "The access token provided is expired, revoked, malformed or invalid for other reasons."

  • Georg

    Hi there, 

    We would like to allow a 3rd party service to pull data from our Help Center articles via API. If I get this right, OAuth authentication would be a good choice, but I don't see any option to restrict the API requests to ready-only. Is this possible? Does my question even make sense? ;-) 

  • Dainne Lucena
    Zendesk Customer Care

    Hi Georg

    This might be an article (OAuth Tokens-Scopes) worth checking out. It provides details regarding the scopes parameter so you can set the access as either "read" or "write". Hope this helps!

  • Georg

    Thanks, Dainne! 

  • Pavan

    Hi Support Team,

    How do I renew the token which is generated using https://{{baseurl}}/oauth/tokens? Please help.

  • Wyatt

    Hi, is there a way to force a user to re-login when they go through the OAuth flow? I tried adding  "&login=true" to the URL, but that did not work.

  • a a

    i am getting this error



Please sign in to leave a comment.

Powered by Zendesk