OAuth with specific scopes not work


  • Eric Nelson
    Zendesk Developer Advocacy
    Hey Mike,

    Are you wrapping the scopes in an array? If not I'd try that "scopes": ["tickets:read", "users:read", "auditlogs:read"].

    Let me know if this doesn't fix your issue!
  • Mike Chiu

    Hi Eric, thanks for your reply.

    the setting with array does not work either.

    But after I re-testing again with scope: "tickets:read users:read auditlogs:read" both in authorization and token retrieval API, it works now.

    BTW, when I use `scopes: ["tickets:read", "users:read", "auditlogs:read"]` as parameters for authorization and token retrieval, the consent page displayed without any scopes shown. Then I can get access_token successfully, but failed to get user profile with 403 forbidden error.

    thanks for your help, I think I will use the space delimited string as scope while applying authorization.

  • Mike Chiu

    Hi Eric, 

    The scopes for access token retrieval works now.

    But there's an issue for `ticket_audits` retrieval.

    When I use "tickets:read auditlogs:read users:read" as my requested scopes and get access token successfully, I can use this token to get tickets, list tickets via get endpoint.

    But for ticket_audits endpoint, the response is 403 with response:

      "error": "Forbidden",
      "description": "You are missing the following required scopes: read"

    And from all document mentioned with scope, none of them bring up scope about ticket_audits.

    Can you help check if there's an issue for this scope ? Thanks.

  • Greg Katechis
    Zendesk Developer Advocacy
    Hi again Mike! A colleague and I just did some testing and it turns out the ticket audits endpoint requires global read scoping in your token. My guess is that it's because ticket_audits can contain additional data that isn't being explicitly scoped in the token. I'll send a request along to one of the two teams that would be required to make a decision on adding additional scopes to try and get that added. I'll let you know when I hear back from them if that's something that will be possible down the line.
    Let me know if you have an additional questions!
  • Mike Chiu

    Hi Greg Katechis,

    Thanks for you reply, on my testing, there is no specific scope for incremental export API either.

    it would be appreciated if you can send Incremental Export API scope to discuss as well. 



Please sign in to leave a comment.

Powered by Zendesk