John1 | 2019-05-29 22:50:11 UTC | #1
This was working previously, but seems I have changed scope or something else and now it is failing.
I am using javascript sdks:
<script src="https://sdk-cdn.mypurecloud.com/client-apps/1.0.0/purecloud-client-app-sdk.js"></script>
<script src="https://sdk-cdn.mypurecloud.com/javascript/29.1.0/purecloud-platform-client-v2.min.js"></script>
After setting up the client:
const platformClient = require('platformClient');
const client = platformClient.ApiClient.instance;
I am running client.loginImplicitGrant(clientId, redirectPath) with valid clientId and redirectPath.
I am getting a 403 Forbidden error in the console repetitively.
VM873:1 GET https://api.mypurecloud.com/api/v2/authorization/permissions 403 (Forbidden)
(anonymous) @ VM873:1
h.end @ VM881 purecloud-platform-client-v2.min.js:1
(anonymous) @ VM881 purecloud-platform-client-v2.min.js:1
n.callApi @ VM881 purecloud-platform-client-v2.min.js:1
(anonymous) @ VM881 purecloud-platform-client-v2.min.js:1
n.testTokenAccess @ VM881 purecloud-platform-client-v2.min.js:1
(anonymous) @ VM881 purecloud-platform-client-v2.min.js:1
n.loginImplicitGrant @ VM881 purecloud-platform-client-v2.min.js:1
clientApp.setup @ VM883 clientapp.js:132
(anonymous) @ VM882 index.html:25
VM881 purecloud-platform-client-v2.min.js:1 Error: Forbidden
at h.<anonymous> (VM881 purecloud-platform-client-v2.min.js:1)
at h.n.emit (VM881 purecloud-platform-client-v2.min.js:1)
at XMLHttpRequest.t.onreadystatechange (VM881 purecloud-platform-client-v2.min.js:1)
I feel I'm misunderstanding something. Can you help?
Thanks, John
John1 | 2019-05-29 23:27:43 UTC | #2
I tested again in incognito, and it is now working. I went back to test non-incognito and it also works. I really do not understand, as nothing has changed.
Does it take time for OAuth scopes and redirect URLs to update/propagate? Is there any other explanation?
In terms of scopes, what are the minimal scopes I need to:
- do an implicit grant in my integration client-side javascript
- usersApi.getUsersMe();
- organizationApi.getOrganizationsMe();
- authApi.getAuthorizationRoles(authOpts); (matching prefix)
- Create two new roles and assign them to logged in user
Much thanks, John
tim.smith | 2019-05-30 20:06:01 UTC | #3
A 401 error generally means you either aren't sending the authorization header with the request or the auth token that is being sent isn't valid. A 403 response means the authorization header was valid, but that you aren't allowed access. Additionally, the response body of the error usually contains some indication of what was wrong with the request and what permissions/scopes the user is lacking.
Required scopes are documented on the APIs. For example, GET /api/v2/users/me requires the user-basic-info scope:
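Added example, not part of the reply above and not code from the SDK: a small triage helper that applies the 401 versus 403 distinction and pulls whatever detail the error body carries, including the case where the body is empty or not JSON. The function name `triageAuthFailure`, the `message` field it reads and the sample bodies are assumptions constructed for illustration.

```javascript
// Added example. Classifies a failed API response as an authentication
// problem (401) or an authorization problem (403).
// Assumption: when the error body is JSON, a human-readable explanation
// sits in a "message" field; that field name does not come from this thread.
function triageAuthFailure(status, rawBody) {
  let detail = null;
  if (typeof rawBody === 'string' && rawBody.trim() !== '') {
    try {
      const parsed = JSON.parse(rawBody);
      if (parsed && typeof parsed.message === 'string' && parsed.message.trim() !== '') {
        detail = parsed.message.trim();
      }
    } catch (err) {
      // Body is not JSON (for example an HTML error page): keep a short excerpt.
      detail = rawBody.trim().slice(0, 200);
    }
  }

  if (status === 401) {
    // Authorization header missing or token not valid: a new login is the fix.
    return { kind: 'authentication', action: 'reauthenticate', detail };
  }
  if (status === 403) {
    // Token was accepted, access was refused: compare the scopes on the OAuth
    // client and the user's permissions with what the API documents.
    return { kind: 'authorization', action: 'check-scopes-and-permissions', detail };
  }
  return { kind: 'other', action: 'inspect-response', detail };
}

// Constructed sample responses (not captured from a real org).
const samples = [
  [401, ''],
  [403, '{"status":403,"message":"Missing scope (constructed sample)"}'],
  [403, '{}'],
  [403, '<html>Forbidden</html>'],
];
for (const [status, body] of samples) {
  console.log(status, JSON.stringify(triageAuthFailure(status, body)));
}
```

A `detail` of `null` on a 403 is the situation described later in the thread, where the body gave no hint and the documented scopes for each endpoint had to be checked by hand.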
John1 | 2019-05-30 20:29:19 UTC | #4
Hi Tim,
Thanks for the reply. We were getting a 403, and the response body did not include anything useful regarding what was missing.
We will consult the API docs regarding scopes.
Much thanks, John
This post was migrated from the old Developer Forum.
ref: 5250