Recent searches

No recent searches

Get scopes for installed apps

image avatar

Usman Malik

Posted Mar 25, 2021

Ask: To get a list of all apps installed on my workspace along with their scopes.

Issue One way to look at: There are multiple apis but they don't cross over to get the complete picture.

- We have `/api/v2/oauth/tokens` which returns scopes being used by an OAuth client. Great.

{
  "tokens": [
    {
      "client_id": 41,
      "created_at": "2009-05-13T00:07:08Z",
      "expires_at": "2011-07-22T00:11:12Z",
      "id": 223443,
      "refresh_token": "af3t24tfj34h43s...",
      "scopes": [
        "read"
      ],
      "token": "af3345kdj3",
      "url": "https://example.zendesk.com/api/v2/tokens/223443.json",
      "used_at": "2010-01-22T00:11:12Z",
      "user_id": 29
    },

- Then we have `/api/v2/oauth/clients/{oauth_client_id}` which doesn't contain application id its associated with:

{
  "client": {
    "company": "Zendesk",
    "created_at": "2009-05-13T00:07:08Z",
    "description": "Zendesk Test Client",
    "id": 223443,
    "identifier": "test_client",
    "name": "Test Client",
    "redirect_uri": [
      "https://example.com/callback"
    ],
    "secret": "af3t24tfj34h43s...",
    "updated_at": "2011-07-22T00:11:12Z",
    "url": "https://example.zendesk.com/api/v2/clients/223443.json",
    "user_id": 29
  }
}

 

Issue another way to look at: Now try getting the same information via `/api/v2/apps/installations` it returns list of all the apps installed. Great.

{
  "installations": [
    {
      "app_id": 218618,
      "collapsible": true,
      "created_at": "2020-06-11T06:12:48Z",
      "enabled": true,
      "group_restrictions": [],
      "has_incomplete_subscription": false,
      "has_unpaid_subscription": null,
      "id": 361234573552,
      "paid": null,
      "pending_installation": true,
      "pending_job_id": "587986abda901cde3873697585091dab",
      "plan_information": {
        "name": null
      },
      "product": "support",
      "recurring_payment": false,
      "redirect_path": "/support/apps/manage",
      "role_restrictions": null,
      "servable": true,
      "settings": {
        "attachment_tag": "has_attachment",
        "blacklist": null,
        "items_per_page": "6",
        "name": "Attachment Manager",
        "new_attachment_tag": "has_new_attachment",
        "title": "Attachment Manager",
        "whitelist": null
      },
      "stripe_account": "acct_1CyabcGO5FKrIYc5",
      "stripe_publishable_key": "pk_live_zMw5abcdYBbd6axDbyrzrRl9",
      "updated": "20200305221223",
      "updated_at": "2020-06-11T06:12:48Z"
    }
  ]
}

However there doesn't seem to be any way to tie the installation to > oauth client > token

1

6

6 comments

Date
    image avatar

    Greg Katechis

    Zendesk Developer Advocacy

    Hi Usman! The app itself isn't going to have the data about the scopes of the OAuth token because it does not apply to that endpoint. Likewise, the OAuth client will not have information about what application it is deployed in. The best way to keep a tie of your tokens and apps is to name the OAuth client something that easily allows you to know what it is associated with.

    0

    image avatar

    Usman Malik

    Thanks Greg.

    The issue is not about our apps, we are interested in knowing who many (other) apps are installed in our workspace and what scopes they have asked for. Think of it as a report.

    But yeah looks like its currently not possible.

    1

    image avatar

    Adam Steinberg

    I really need to know how to associate the client ID of an OAuth token with the "Identity" of the API client listed here: https://corsair.zendesk.com/admin/apps-integrations/apis/zendesk-api/activity

    Zendesk app deinstallations leave the OAuth tokens untouched, which is a bug IMO and I've reported it.

     

    0

    image avatar

    Greg Katechis

    Zendesk Developer Advocacy

    Hi there! In theory, if an OAuth token is being used to make an API call, we should be reflecting the identity for the underlying client on that activity page. If you're already in the admin center, you can click on the OAuth Clients tab next to the Activity tab and the client name will be the associated identifier. If you prefer to check via the API, the identifier there will be the "name" object in the list clients endpoint

    Regarding the second point, that is a very reasonable ask and I'm going to raise that with the appropriate team as soon as I'm done here. I can't guarantee that I'll be able to report anything useful back, but if I can, I will! 

    0

    image avatar

    Adam Steinberg

    Thanks to David Raboy  - the way to get this is to ask for the list of tokens to include clients.

    https://{{myinstance}}.zendesk.com/api/v2/oauth/tokens?include=clients

    1

    image avatar

    Greg Katechis

    Zendesk Developer Advocacy

    Oh this is a great addition, thanks to David and thanks for sharing! For anyone reading this down the road, the above side load cuts the number of API calls down (likely in half for most users, actual number depends on the number of tokens/clients in your account + pagination). It also seems to only return the clients that have active tokens, so there no need to sift through the noise of clients that a separate call to list all clients would provide.

    0

    Please sign in to leave a comment.

    Didn't find what you're looking for?

    New post