Requesting a global OAuth client for a Zendesk Support integration Follow

Comments

15 comments

  • Avatar
    Simon Pledger

    Hi Sean,

    Thanks for your article. I have been reading it in conjunction with the Authorization Code Grant flow example urls in https://support.zendesk.com/entries/24458591-Using-OAuth-authentication-with-your-application

    For Global OAuth clients, using Authorization code grant flow, please can you clarify whose responsibility it is to prompt for the zendesk subdomain? Your article includes an example prompt UI; so is the intention that our client application should capture this subdomain value first and pass this through as an extra parameter on the call to the Zendesk authorization page : eg

    https://{our-global-client-subdomain}.zendesk.com/oauth/authorizations/new?response\_type=code&redirect\_uri={our\_redirect\_url}&client\_id={our\_unique\_identifier}&scope=read%20write**&subdomain={****the-customers-subdomain}**

    If so what is the form of this extra parameter?

    Alternatively, does your Authorization page prompt for the subdomain itself ?

    If so, do you pass the user's chosen value back as an additional parameter on the registered redirect url : eg

    {our\_redirect\_url}?code=7xqwtlf3rrdj8uyeb1yf**&subdomain={chosen-subdomain}**

    So that our generic receiving servlet url knows which subdomain the code is for.

     

    Many thanks

    Simon Pledger

  • Avatar
    Sean Kinney

    **@Simon:** It is your responsibility to prompt for subdomain in your code. When it comes to the authorization workflow, the customer's subdomain is what's actually used to construct the URL not the ID of your global client. Your global OAuth client does not have its own subdomain. For example, if your customer's subdomain were omegasupport.zendesk.com then the URL would look like this:

    https://omegasupport.zendesk.com/oauth/authorizations/new?response\_type=code&redirect\_uri={our\_redirect\_url}&client\_id={our\_unique\_identifier}&scope=read%20write

    It is the client\_id parameter that tells us to use your specific global OAuth client.

  • Avatar
    Simon Pledger

    Hi Sean

    I understand; thanks for the clarification.

    I'm thinking therefore that if we also add the captured subdomain to our session before redirecting the user to the authorization endpoint, our global client's redirect url endpoint can use this same session attribute to associate any returned authorization code parameter with its correct subdomain. Is this how you envisaged a global client based authorization workflow proceeding?

    Regards

    Simon

  • Avatar
    Sean Kinney

    **@Simon:** Subdomain is required any time you or an end-user of your integration interacts with Zendesk's OAuth endpoints. You thus need to make sure you're tracking subdomain associated with each authorized user. This is especially important because any subsequent API operations will also require the customer's subdomain. You're always acting on behalf of a user in a specific Zendesk subdomain regardless of whether a global OAuth client is used.

  • Avatar
    Dimitris Kogias

    Hi,

    Can global clients (using the auth code grant type) get refresh tokens or, failing that, non-expiring access tokens?  I need that for my integration which is expected to be acting on the user's behalf without their continuous UI presence.

     

    Thanks

  • Avatar
    Dick Hardt

    Rather than pushing the complexity of prompting for the subdomain to the client, Zendesk could have a global entry point on zendesk.com that would provide a consistent interface for prompting for the subdomain, and could also look at cookies to see what subdomain the user was in previously so that it can be autofileld as most users only use one domain.

    btw: just because there are a number of flows in OAuth 2, does not mean you need to support them all.

     

  • Avatar
    Ratnesh

    @Sean,
    Does it mean that only the need of asking the consumer id and secret to the every zendesk account admin is eliminated but for rest like getting access and renew tokens are bound to the chosen subdomain of zendesk and that is something our app needs to maintain ?

    Also, is there a way that global OAuth client is given for trial accounts so that we could do a POC to ensure the suitability.

  • Avatar
    Mohammad Inamullah

    Sean,

    I had a question about the "Proof of Business" requirement. We are a small startup and have not yet incorporated. We do have a webpage through which our web app can be accessed; our apps are also available on Google Play and Apple Store.

    How can our app integrate with Zendesk in a global production capacity without any "Proof of Business" documentation? We have already tested our app with our own subdomain and would now like to open it up for global users to use.

    Out app is an enterprise search app called Hadro (http://www.hadroapp.com).

    Thanks.

  • Avatar
    Deepak Teja

    How many ideally will it take for the Global OAuth Client request to get approved ? And do we have any contact person (admin from Zendesk) to get directly in touch with? And is it possible to edit the submission request done previously ? Looking forward for some urgent help here! We are building base integration with multiple apps. Thanks. deepakteja[at]pipemonk.com

  • Avatar
    James Peterson

    Hi Deepak,
    You can request a Global Oauth Client through the developer portal. You'll need to create an account there, and then submit your Zendesk subdomain, unique identifier, and proof of business. Sign up for more information - https://developer.zendesk.com/account/oauth

    Lastly, it is not possible to edit the submission.

  • Avatar
    Deepak Teja

    @James

    Firstly, thanks for a quick reply. We have already submitted the request for Global Oauth Client through the portal with all the details.

    Now, the following question would be, if it is not possible to edit the submission, should we wait for the Zendesk admin to contact us in response or submit a new request from our end ?

    Looking forward. Thanks once again.

  • Avatar
    James Peterson

    Hi Deepak,
    I'd suggest waiting for Zendesk to contact you and hopefully you can notify of the change that is required before the client is globalized.

  • Avatar
    Deepak Teja

    And James, Can there any kind of guess on the time line for this request? Because a lot of other actions at our end depends on this! Tx.

  • Avatar
    James Peterson

    Hi Deepak, Unfortunately that is not something I'm qualified to answer.

  • Avatar
    Deepak Teja

    @James, No problem. Thanks a lot for the help. I hope the concerned and the right person from Zendesk team, will answer soon!

Please sign in to leave a comment.

Powered by Zendesk