Using OAuth authentication with your application


51 Comments

  • PAUL STRAUSS

    We recently created an integration with Zendesk which allows our agents who are logged into the Zendesk support to have access to an internal tool. Every time agents attempt to access our tool, we're presented with a message to "Allow Access to Your Zendesk Account?" This didn't happen during our testing in our Zendesk sandbox account, but it happens in production. Any thoughts on how to make this a one-time "Allow" rather than requiring it every time they log in?

    0
  • Greg Katechis
    Zendesk Developer Advocacy

    Hi Paul! Could you share a bit more information about this integration and how the auth flow is implemented? Please provide as much detail as you can share in a public forum!

    0
  • Greg Katechis
    Zendesk Developer Advocacy

    Hi Raghav, I responded here!

    0
  • Nick Hemenway

    Hello, I'm trying to implement the Password grant type OAuth flow, and I'm having trouble understanding how I'm supposed to obtain the user's username and password in order to request the OAuth token for the first time. This section seems to imply that there is an endpoint to retrieve the username and password I need, but I haven't been able to find this endpoint. Any advice? Thanks

    0
  • Vitaliy Markitanov

    Hello,

    Do you support OIDC brokering?
    The idea is that I have an IDP, and my web users should authenticate with my IDP via SSO.

    0
  • Jason Schaeffer
    Zendesk Customer Care

    Hello Vitaliy,

    Zendesk does not currently support OpenID Connect, and according to our product team, this is not currently something on our Road Map.  Apologies for the inconvenience. 

    0
  • Paul Moran

    The "authenticity_token" mentioned in the comment above https://support.zendesk.com/hc/en-us/articles/203663836/comments/360000042747 doesn't work for me. The format of the csrf_token (which I was able to access using the v1 template api) and this authenticity_token are different. 

    0
  • Bernardo Reis

    Hi there. I've implemented the OAuth authentication flow as suggested and have requested the following scopes:

    'users:write tickets:write organizations:write identities:write read'

    Everything works as expected, except when I try to use Zendesk's API to delete user identities. I get the following error:

    {"error":"Forbidden","description":"You are missing the following required scopes: write"}

    Shouldn't the 'users:write' scope let me manage user identities? Or do I need an additional scope? It looks like 'identities:write' is not a valid option.

    3
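Added example, not part of the comment above and not Zendesk's code: a small check that compares the requested scope string with the 403 body quoted in that comment, showing that the token holds only resource-scoped `*:write` entries while the response names the bare `write` scope. The function names are hypothetical; the two input strings are copied from the comment.

```python
import json
import re

# Inputs copied from the comment above.
REQUESTED = "users:write tickets:write organizations:write identities:write read"
ERROR_BODY = ('{"error":"Forbidden","description":'
              '"You are missing the following required scopes: write"}')


def parse_missing_scopes(error_body):
    """Return the scope names listed in a 403 body shaped like ERROR_BODY."""
    payload = json.loads(error_body)
    if payload.get("error") != "Forbidden":
        return set()
    match = re.search(r"required scopes:\s*(.+)$", payload.get("description", ""))
    if not match:
        return set()
    names = match.group(1).strip().rstrip(".")
    return {s for s in re.split(r"[,\s]+", names) if s}


def diagnose(requested, error_body):
    """Compare the scopes a token was requested with against a 403 response."""
    granted = set(requested.split())
    # Scope strings are compared literally: "users:write" is not "write".
    missing = parse_missing_scopes(error_body) - granted
    # For each missing scope, list the resource-scoped variants the token holds.
    related = {m: sorted(s for s in granted if s.endswith(":" + m)) for m in missing}
    return {"missing": sorted(missing), "resource_scoped_only": related}


if __name__ == "__main__":
    print(json.dumps(diagnose(REQUESTED, ERROR_BODY), indent=2))
```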
  • Ariane Frances dela Cruz

    Hello Bernardo, 

    I'd like to look further into this, I'll be creating a ticket for you, kindly expect an email shortly. 

    0
  • Greg Katechis
    Zendesk Developer Advocacy

    Hi Tiel! Is this in relation to a Zendesk feature or is this just a general question about OAuth?

    1
  • Nishant Gupta

    I have been trying to implement OAuth in a REST API.
    Please note that I don't have a web app (in which I can use a redirect URL).
    Only a backend REST API.

    With all the OAuth authentication types, it is confusing to follow which one is best to use.
    Which curl commands help me authenticate with Zendesk successfully using OAuth?

    Is the password grant type best suited for this, with the curl command below? Or what alternatives do we have?

    curl https://{subdomain}.zendesk.com/oauth/tokens \
      -H "Content-Type: application/json" \
      -d '{"grant_type": "password", "client_id": "{your_client_id}", 
        "client_secret": "{your_client_secret}", "scope": "read",
        "username": "{zendesk_username}", "password": "{zendesk_password}"}' \
      -X POST
    0
  • Viktor Hristovski

    Hi, I'm generating an OAuth token in Zendesk for our developers, but we are getting "unauthorised" even with a simple curl command, for example:

    curl https://obscura.zendesk.com/api/v2/users.json \
      -H "Authorization: Bearer gErypPlm4dOVgGRvA1ZzMH5MQ3nLo8bo"

    We are getting: {"error":"invalid_token","error_description":"The access token provided is expired, revoked, malformed or invalid for other reasons."}

    What are we doing wrong?

    0
  • Chinh Phan

    Hi,

    How can I get the full access token within just one API? I'm using javascript to call, and implement a ticket form from my website.

     

    1
  • Cheeny Aban
    Zendesk Customer Care

    Hi Chinh Phan

    What do you mean by full access API token? Can you tell us more about your use case so we can check it for you?

     

    0
  • Chinh Phan

    Hi Cheeny Aban,

    I'm implementing the contact form on the frontend via JavaScript, submitting a ticket to Zendesk. It looks like this:

    When I try to POST a ticket to Zendesk, I'm facing the CORS issue (I used all tokens and OAuth in the Zendesk settings).

    The Ticket API requires the authorization to be "Bearer " + access_token.

    I thought the API to get the access_token worked when I tested it via Postman: https://{subdomain}.zendesk.com/api/v2/oauth/tokens
    But no, when I apply the API to get the access token in JavaScript code, I'm also facing the CORS issue.

    If I implement it as in the document at: https://support.zendesk.com/hc/en-us/articles/203663836?page=3#topic_ar1_mfs_qk

    when the browser redirects to the URL: https://{subdomain}.zendesk.com/oauth/authorizations/new?response_type=code&redirect_uri={your_redirect_url}&client_id={your_unique_identifier}&scope=read%20write

    It forces me to log in to Zendesk. It is not feasible for users who do not have an account.

    1
  • Óskar Ómarsson

    Not sure if this is the correct place to ask this but I'm trying to create a workaround for limitations in Zendesk Automation, I need to be able to add private comments to a ticket when an automation does change the ticket, just to inform any agent that would open up the ticket after the automation is executed.

    Now I've achieved this using Webhooks to call Zendesk API

    But only by using my own username, this will result in a certain username being placed with the comment, making it look like I made that internal comment.

    My desire is to make it look like the system, which indeed is doing this, made the internal comment.

    It appears that I can't use the Zendesk API Token unless I use my own username, please correct me if I'm wrong

    And I can't get the OAuth Client tokens to work as a bearer token authentication.

    What am I missing?

    Best regards
    Oskar

     

     

    1
  • Taylor Clark

    Is there an existing query parameter I can use to force login on the authorization step? Currently if a user is already logged in it goes directly to the Authorization screen. I'd like to force users to login every time they go through the flow.
    The use case is that our integration requires an administrator and we can't figure this out until after we retrieve the token and then retrieve the authenticated user by ID

    0
  • Taylor Clark

    Actually figured it out just now using the UI - `&login=true`

    0
  • Marshal

    I have a trial account for zendesk and I am trying to use OAuth for my api requests and it is returning invalid token. If I use basic auth it works but I can't use basic auth for my client side application to make calls because of the CORS policy. I would love to know if it is possible to use OAuth with my trial account?

     

    0
  • Cheeny Aban
    Zendesk Customer Care
    Hi Marshal, 

    Yes, OAuth token use is supported in Trial accounts. If you are seeing invalid token errors, I would recommend that you double-check our documentation on setting up different OAuth grant flows to ensure that the parameters of your requests are in line with our expected tokens as per that article. If you are still seeing errors, I would recommend that you open a ticket with us, so we can dig deeper and investigate. 
    0
  • Jishnu S

    Hi Team,

    I have followed your instructions and I got the access token. But there is no information about finding the authenticated user-id using the access token.

    Can you please advise me on how to find the authenticated user's details?

    Thanks

    0
  • Greg Katechis
    Zendesk Developer Advocacy

    Hi Jishnu! We don't currently provide support for the underlying standard (OpenID Connect), so there is not currently any way to retrieve user data from an access token. 

    0
  • Vlad Glazov

    Hello

    Is there any way to revoke a global OAuth client? What if it was created by a member who left the organization?

    Thanks

    0
  • Jonas Rocha Lima Amaro

    Hello

    Can an OAuth client have more than one access token, or bearer token as you may?

    I ran 

    https://{subdomain}.zendesk.com/oauth/tokens

    request twice in a row and the second one revoked my authorization_code. I suspect that it is caused by some sort of Single Access Token Per Subject policy, right?

    Thank you

    0
  • Dane
    Zendesk Engineering
    Hi Vlad, 
     
    It can be revoked using the endpoint Revoke Token.
     
    @Jonas,
     
    As it turns out, you are not allowed to use multiple access tokens. Hence, the behavior you have experienced is expected.
    0
  • Vlad Glazov

    Hi Dane,

    Thanks for your answer, revoking a token seems to be clear.

    Now how about revoking (or deleting/disabling/whatever) an OAuth client?

    Thanks, Vlad.

    0
  • Dane
    Zendesk Engineering
    Hi Vlad,
     
    You can use: Delete Client
     
    DELETE /api/v2/oauth/clients/{oauth_client_id}
    0
  • Cesar

    Hi Support, 

    I tried the `Authorization code grant flow` and it worked well to get an access token (for listing tickets), but the flow does not suit my application.

    So I was trying the `Password grant type` flow. My account (xyz@abc.com) is a "user" instead of an "admin". The organization has 2FA enabled. On trying the POST API, I got the error below.

    Is 2FA a blocking factor for such a scenario?

    {
    "error": "invalid_grant",
    "error_description": "The provided access grant is invalid, expired, or revoked (e.g. invalid assertion, expired authorization token, bad end-user password credentials, or mismatching authorization code and redirection URI)."
    }
    0
  • Greg Katechis
    Zendesk Developer Advocacy

    Hi Cesar! 2FA and OAuth should not be an issue. Have you confirmed that the issue is not one of the (relevant) errors provided in the response?

    0
