OAuth connection for a third-party system with client credentials
Posted on June 27, 2023
Hi!
I am implementing a Support App and I want each Zendesk user (admins, agents) to authenticate using OAuth to a third-party API before using the app. Each user would have a different account in my API.
I've tried doing this using the grant type authorization code, but this seems to be supported only for admins.
So now I've tried switching to client credentials following the docs here, using a single user in my API and sending some identifier in the headers of my API requests to differentiate users. So as an admin I'd create the OAuth Client, start a client credentials flow and use the URL to make an Exchange Verification Code request to get my access_token. Then I would like to store that token somewhere, in metadata maybe, so that all users can use it to make requests to my third-party API.
These are my questions:
1. The response I get from the Exchange Verification Code shows "******" for the access token. How can I retrieve the real value?
2. After getting the correct value for the access token, where should I store it so that I can use it for all Zendesk users using my Support App?
3. Would there be a better way to implement all this?
Thank you!
0
3 comments
Oana Veronica Pop
In case anyone else needs this, this is what I've eventually found out:
According to the product team, using the OAuth connection created through the Zendesk integration service within a Support app is not possible.
The API to Exchange the Verification Code does not actually return the access token when it is authenticated via a user session, which is what would be used when making a request from the Support App with client.request(). The reason for this is to maintain the security of the access token and ensure it is not leaked to the browser. As per the documentation for Zendesk apps, only the authorization code grant type is supported, and the flow is only triggered upon app installation by the admin (so it wouldn't be able to persist an access token for each Zendesk user using the app).
1
Oana Veronica Pop
Hi Christopher,
If I make the call to my tokenUrl directly using Postman, I receive the access token.
Shouldn't I get an error when starting my OAuth connection if something isn't right? These are the calls I make:
1. Create a client
So the flow seems to work, but I don't know how to get the real value of the access token to use it when making my API calls. And where to store it so that I can access it for all Zendesk users using my Support App.
2. Start OAuth
3. Exchange verification code
Thank you!
0
Christopher Kennedy
At this point in the flow, the response should include the access token. I'd like to see whether the OAuth connections service is actually receiving one. Can you check the token URL for the OAuth client you started the flow on to ensure that it's your endpoint that supplies the token? Also, are you able to successfully return an access token when requesting one from the token URL directly (not using the OAuth connections service)?
0