Oriol Pericas

Hi Tipene Hughes ! I just tried again. Do you need the app id or subdomain, or anything else?

Just realised there's an error in the console in the page that says "OAuth authentication has been completed successfully"

Hello.

I followed this guide to set up OAuth in my Zendesk app to connect to my own back end.

https://developer.zendesk.com/documentation/apps/app-developer-guide/making-api-requests-from-a-zendesk-app/#managing-third-party-oauth-access-tokens

I have added this to my manifest.json

"parameters": [
  {
    "name": "token",
    "type": "oauth"
  }
],
  "oauth": {
    "client_id": "xxxyyyzzz",
    "client_secret": "wwwqqqrrr",
    "authorize_uri": "https://mybackend/oauth2/authorize/",
    "access_token_uri": "https://mybackend/oauth2/token/",
    "scope": "read write"
}

I built my app, packaged with `zcli apps:package` and uploaded to Zendesk.

Now when installing the app I see the link "Sign in with my app name".

I click this and it takes me through the login flow which completes successfully, and I see a blank page saying:

OAuth authentication has been completed successfully. You can close the current browser window and continue with the app installation page.

The URL of this page is:

https://.zendesk.com/support/apps/oauth/zis_token?app_id=xxxxx&verification_token=yyyy

I close the tab and go back to my Zendesk apps installation page, but I can't see the green check icon, and if I try to click on Install it says OAuth authentication is required.

What am I missing?

Thank you

Hi Tipene, it's the react scaffold. I think this line is the culprit:

https://github.com/zendesk/app_scaffold/blob/c60b050ec30c6105109d89aab1b5b4b3f0ff39fc/webpack.config.js#L10

Hi Greg, thanks for your answer! I'm not sure I understand what you mean to validate this upstream.

The case I experienced was because we generated a JWT including the external ID of a user, but that user had a different external ID in Zendesk, due to some problem in the way we synchronise the users in our app with Zendesk.

In this case our JWT flow was correct (it generated the correct JWT with the data on our side) and Zendesk also correctly returned a 409 (because the JWT doesn't match the external ID Zendesk has), but I have no visibility that this happened.

Hello

I'm using the Zendesk Web Widget in Web for chat and implemented the authentication as described in this guide:

https://developer.zendesk.com/api-reference/widget-messaging/web/authentication/

This works but I want to be able to track if there are errors in the loginUser callback, so I can monitor this and also prevent the chat widget from opening if that happened.

My code looks something like this:

zE("messenger", "loginUser", function (callback) {
  const jwtToken = generateJWT()
  callback(jwtToken)
})

If my `generateJWT` function produces an invalid token I can see in the console that the Zendesk script is making a POST request to

https://.zendesk.com/sc/sdk/v2/apps/......../login

And this results in a 401 error. But I don't have any way to know this happened and take an action when it does.

I tried globally intercepting `fetch` but I can't see that call in my interceptor, so I guess you don't use fetch internally. 

How can I intercept these calls and react to 40X errors? Is there a less hacky way to do this?

Thank you

Hi Tipene

I tried that and it works. But in fact, now it works even when running locally because I changed the URL of the script ot this one

src="https://static.zdassets.com/zendesk_app_framework_sdk/2.0/zaf_sdk.min.js"
integrity="sha256-WHVWWMLV1MeI0XWqHvUm6vA8imQw6GsC/2dB6Cwx0OE="
crossorigin="anonymous">

As described in this guide:

https://developer.zendesk.com/documentation/apps/app-developer-guide/using-the-apps-framework/

The URL there is different from the one we get out of the box when using the ZCLI command to create the application skeleton files.

Found it and it worked now, thank you!!

Hello

I am trying to build a Zendesk app and followed the steps in this guide:

https://developer.zendesk.com/documentation/apps/getting-started/using-zcli/

The `iframe.html` file includes a script tag. As a security measure, I'm required by my company to add an integrity attribute to this script tag with a hash to verify the script has not been manipulated.

integrity="sha256-WHVWWMLV1MeI0XWqHvUm6vA8imQw6GsC/2dB6Cwx0OE="crossorigin="anonymous">

However, doing this introduces CORS errors when I run the app locally. I didn't try it yet, but I assume the same will happen if I deploy it.

Access to script at 'https://assets.zendesk.com/apps/sdk/2.0/zaf_sdk.js' from origin 'http://localhost:4567' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

To fix this, I believe the server hosting the script should include the `Access-Control-Allow-Origin` header.

Is there a way to fix this or am I unable to use the integrity attribute?

Thank you

Hello

I'm trying to create a new Zendesk app using the React scaffold. I followed the steps in this guide:

https://developer.zendesk.com/documentation/apps/getting-started/using-zcli

Without making any changes to the app code, I try to upload the app to my account with the create command and get the following error

> zcli apps:create src

Uploading app... Uploaded

Deploying app... Failed

›   Error: assets/iframe.html is either an invalid location URI, refers to a missing asset, or does not use HTTPS.

The same thing happens if I tro to package it to upload manually:

> zcli apps:package src

›   Error: Error: assets/iframe.html is either an invalid location URI, refers to a missing asset, or does not use HTTPS.

I'm using environment variables to authenticate with my account.