OAuth with specific scopes does not work
Posted Mar 23, 2022
Hi, I followed the document here to get an access token with the scopes "tickets:read users:read auditlogs:read".
After the OAuth flow completed, I got this response:
endpoint: /api/v2/ticket.json and /api/v2/ticket_audit.json
response:
{"error":"Forbidden","description":"You are missing the following required scopes: read"}
But if I change the requested scopes to only "read", it works fine.
I am wondering if there's anything I overlooked and need to revise?
Thanks!
10 comments
Eric Nelson
Are you wrapping the scopes in an array? If not, I'd try that:
"scopes": ["tickets:read", "users:read", "auditlogs:read"]
Let me know if this doesn't fix your issue!
Mike Chiu
Hi Eric, thanks for your reply.
The setting with an array does not work either.
But after re-testing with scope: "tickets:read users:read auditlogs:read" in both the authorization and token retrieval APIs, it works now.
BTW, when I use `scopes: ["tickets:read", "users:read", "auditlogs:read"]` as parameters for authorization and token retrieval, the consent page is displayed without any scopes shown. Then I can get the access_token successfully, but fail to get the user profile, with a 403 Forbidden error.
Thanks for your help. I think I will use the space-delimited string as the scope when requesting authorization.
Mike Chiu
Hi Eric,
The scopes for access token retrieval work now.
But there's an issue with `ticket_audits` retrieval.
When I use "tickets:read auditlogs:read users:read" as my requested scopes and get an access token successfully, I can use this token to get tickets and list tickets via the GET endpoint.
But for the ticket_audits endpoint, the response is 403 with response:
And of all the documents that mention scopes, none of them brings up a scope for ticket_audits.
Can you help check if there's an issue with this scope? Thanks.
Greg Katechis
Let me know if you have any additional questions!
Mike Chiu
Hi Greg Katechis,
Thanks for your reply. In my testing, there is no specific scope for the Incremental Export API either.
It would be appreciated if you could send the Incremental Export API scope for discussion as well.
Thanks!
Viktor Novistskyi
Hi Greg Katechis
I have a similar issue when trying to
GET /api/v2/ticket_fields
error is
To get the OAuth access token I use the code approach with the scope tickets:read.
I can get the tickets list, but other requests fail. What scope should I use for getting ticket_fields?
Greg Katechis
Hi Viktor! After doing some investigation on my end, it looks like access to the ticket_fields API requires global read access. I can look into this as a possible feature request for the future; for the time being, it appears that you will need the global read access for now.
Kirsten
Hi, can anyone confirm whether or not the `tickets:read` scope will work for making GET requests to the incremental exports API? (/api/v2/incremental/tickets) I've searched for this in documentation but haven't found anything. Thanks!
Christopher Kennedy
Incremental export API requests also require global read access.
Mukund Jha
If you are encountering a 403 Forbidden error in 2024 - when sending a GET request for OAuth authentication, you should use this URL structure, which requires passing the scope as a URL parameter:
https://{subdomain}.zendesk.com/oauth/authorizations/new?response_type=code&redirect_uri={your_redirect_url}&client_id={your_unique_identifier}&scope=read%20write
Documentation link here
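An added example, not part of the thread and not Zendesk's own code: it builds the authorization URL with the space-delimited, percent-encoded `scope` parameter that worked in the thread (accepting a list or a string), and extracts the scopes named in a 403 body of the shape quoted in the first post. The function names and the sample subdomain, client id and redirect URI are constructed for illustration.

```python
import json
from urllib.parse import quote, urlencode

def scope_param(scopes):
    """Normalize a list or string of scopes to one space-delimited string."""
    if isinstance(scopes, str):
        scopes = scopes.split()
    names = list(dict.fromkeys(s.strip() for s in scopes if s.strip()))
    if not names:
        raise ValueError("no scopes requested")
    return " ".join(names)

def authorize_url(subdomain, client_id, redirect_uri, scopes):
    """Build the authorization URL in the form quoted in the thread."""
    query = urlencode(
        {
            "response_type": "code",
            "redirect_uri": redirect_uri,
            "client_id": client_id,
            "scope": scope_param(scopes),
        },
        quote_via=quote,  # encode spaces as %20, as in the thread's URL
    )
    return f"https://{subdomain}.zendesk.com/oauth/authorizations/new?{query}"

def missing_scopes(status, body):
    """Return the scopes named in a 403 body of the shape shown in the thread."""
    if status != 403:
        return []
    try:
        description = str(json.loads(body).get("description", ""))
    except (ValueError, AttributeError):
        return []
    marker = "required scopes:"
    if marker not in description:
        return []
    # Assumption: several scopes would be separated by commas or spaces.
    return description.split(marker, 1)[1].replace(",", " ").split()

if __name__ == "__main__":
    # Constructed sample values, not taken from a real account.
    print(authorize_url("example", "my_client", "https://app.example.test/cb",
                        ["tickets:read", "users:read", "auditlogs:read"]))
    body = ('{"error":"Forbidden","description":'
            '"You are missing the following required scopes: read"}')
    print(missing_scopes(403, body))
```

When `missing_scopes` returns `["read"]` for an endpoint such as ticket_fields or incremental exports, the replies above say global read access is required, so the wider scope can be requested for that integration only rather than by default.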