English (US)

OAuth, how to configure it.

Answered
Samer Kokeh

Hi, I am designing a Zendesk support App, and I want to connect my app with Dynamics 365 CRM API using OAuth 2.0.
However, I've check your technical resource https://developer.zendesk.com/documentation/apps/app-developer-guide/using-the-apps-framework/#using-oauth 
But still it's not clear to me totally, my questions are:

1- As I understood, I may configure oauth details in manifest file after I deploy my App, is it correct? 

2- for the time being i succeeded to connect but i used access token generated with Postman so my code it's look like bellow:

function getTaskData(client) {
    var settings = {
        url: 'https://signpostdev.crm4.dynamics.com/api/data/v8.0/contacts',
        headers: { "Authorization": "Bearer eyJ0eXAiOiJKV1Q........},
        type: 'GET',
        dataType: 'json'
    };
    client.request(settings).then(
        function (data) {
            console.log(data);
        },
        function (response) {
            console.log(response);
        }
    );
}

But I realized that my token expired after 2 or 3 hours, so I need to use for connection 3 values TokenURL, ClientID, ClientSecret and use Client Credentials as Grant type.

So that now i am trying to follow-up this turorial https://developer.zendesk.com/documentation/apps/build-an-app/building-a-sell-app-using-oauth-2-0/building-a-sell-app-using-oauth-2-0-part-3-setting-up-oauth-2-0/

2- Is it possible to do my code as bellow in manifist.json and use it before i deploy my app?
and i am not sure if my manifist.json correct or not?

....
 }, 
"oauth": {

        "client_id": "518f.....................",
        "client_secret": "IDo7.....................",
        "authorize_uri": "https://login.microsoftonline.com/xxxxxxxxxx/oauth2/v2.0/authorize",
        "access_token_uri": "https://login.microsoftonline.com/xxxxxxxxx/oauth2/v2.0/token",
        "parameters": [
            {
                "name": "token",
                "type": "oauth"
            }
        ]
    },
    "version": "1.0",
    "frameworkVersion": "2.0"
}

and use this code to call Dynamics API:

var settings = {
  url: 'https://www.example.com/api/user',
  headers: {"Authorization": "Bearer {{setting.token}}"},
  secure: true,
  type: 'GET'
};
var client = ZAFClient.init();

3- Now i think when i write {{setting.token}} it should take what written in my minifist.json correct? is it safely that i put my clientID and clientSecret in manifist.json ??

Thank you in advance..
Samer

6 Comments

  • Greg Katechis
    Zendesk Developer Advocacy

    Hi Samer! I'll go through your questions one by one, but please let me know if I misunderstood the question in any of them!

    1. As I understood, I may configure oauth details in manifest file after I deploy my App, is it correct? 

    The details that you include in your manifest have to be present when you deploy the app, unless you are using placeholder values. 

    2. I'm not sure that I understand the question here...could you clarify this one for me?

    3. Yes, you can read about that here!

    0
  • Samer Kokeh
    • Edited

    Hi Greg,
    Thank you for your post. However, to clarify my question 2;
    I filled manifist.json with values of client_id, client_secret, authorize_uri and access_token_uri.
    And when i tested my code i always receive 401 error. but when i used the same values on Postman it's ok and it's work very well. So that, I copied my token from postman and use it in my zendesk app to complete my application until I solve this problem. or until I upload my app.
    That's why I thought it's only read the setting of OAuth in manifist.json after deployment.
    so now my code to call api is like this:

    var settings = { 
            url: `https://mycompany.crm4.dynamics.com/api/data/v9.0/accounts?$filter=contains(accountnumber,'${externalId}')`,
            headers: { "Authorization": "Bearer eyJ0eXAiOiJKV1QiLCJhbGci......},
            type: 'GET',
            dataType: 'json'
        };

    I don't think it's correct to keep using access token from Postman even before uploading my application. 

    Thank you in advance...
    Kind Regards,
    Samer

    0
  • Greg Katechis
    Zendesk Developer Advocacy
    Thanks for clarifying that. If you're receiving a 401, it means that there is something going wrong with the auth flow. Could you print the token that's generated in your auth flow to the console when running your app to see if the token is being generated properly?
    0
  • Samer Kokeh

    Hi,

    Please check the attachments of manifest.json, main.js and the error appears on chrome console.

     

    0
  • Samer Kokeh

    Here is also a screenshot of my console when i run the app.

    0
  • Samer Kokeh
    • Edited

    FYI, I tried the same configuration on Postman and it's work very well, the only thing is missed when I compare my postman configurations is Scope, Scope value in postman is 

     
    And i am not sure if the setting is correct because as you can see in my code i tried to write the value of access_token parameter which i fill it when i run "Zat server" but it's appear as is 
     console.log("Token: {{setting.token}}" ); ==Consol output=> "Token: {{setting.token}}" .
    Regards, 
    Samer
    0

Please sign in to leave a comment.

Didn't find what you were looking for?

New post
Powered by Zendesk