draeder | 2024-11-19 22:50:16 UTC | #1
When a user logs into the Genesys Cloud browser UI, there are two places an access token is stored: localStorage and sessionStorage. Currently, I am piggybacking on the authentication access token from localStorage to authorize the WebRTC SDK and plan to do the same for the Platform API; or use sessionStorage -- which makes more sense.
However, I wanted to know if there is an official/supported way to leverage the existing authorization access token / session for such a purpose as this?
Thanks, Dan
tim.smith | 2024-11-19 23:02:43 UTC | #2
You must implement one of the OAuth flows to authorize your custom applications. Aside from being a bad security behavior, scraping a token from another app is almost guaranteed to cause its functionality to be negatively impacted due to rate limiting and other token-based considerations. It also violates the API on-demand fair use policy and could subject your organization to a billing dispute due to inappropriate usage of the platform.
The OAuth flows have a feature to auto-authenticate the user without the user seeing the login screen when they have a valid session cookie with the auth service. This is a built-in feature; all you need to do is implement the OAuth flow to take advantage of it. (note that this feature can be disabled by your administrator, e.g. HIPAA orgs)
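The OAuth flow described in the reply above, as an added example that is not part of the original thread and not Genesys code: a minimal implicit-grant helper with which a custom browser app obtains its own token rather than reading the UI's token from storage. The client ID, redirect URI, region login host and the `oauth_state` storage key are placeholders or assumptions.

```javascript
// Added example. clientId, redirectUri and the region host are placeholders (assumptions).
const config = {
  loginHost: 'login.mypurecloud.com',        // assumption: the org's region
  clientId: 'YOUR-OAUTH-CLIENT-ID',          // placeholder: this app's own OAuth client
  redirectUri: 'https://app.example.com/cb', // placeholder: must match the OAuth client
};

// Random value tying the redirect back to the request this app started.
function newState() {
  const bytes = globalThis.crypto.getRandomValues(new Uint8Array(16));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
}

// With a valid session cookie at the auth service, this URL redirects straight back.
function buildAuthorizeUrl(cfg, state) {
  const url = new URL(`https://${cfg.loginHost}/oauth/authorize`);
  url.search = new URLSearchParams({
    response_type: 'token', client_id: cfg.clientId,
    redirect_uri: cfg.redirectUri, state,
  }).toString();
  return url.toString();
}

// Parse the fragment on the redirect URI; reject anything that reports an
// error or does not carry the state this app issued.
function parseRedirectFragment(hash, expectedState) {
  const params = new URLSearchParams(hash.replace(/^#/, ''));
  if (params.get('error')) throw new Error(`authorization failed: ${params.get('error')}`);
  if (!expectedState || params.get('state') !== expectedState) throw new Error('state mismatch');
  const token = params.get('access_token');
  if (!token) throw new Error('no access_token in redirect');
  return { accessToken: token, expiresIn: Number(params.get('expires_in')) };
}

// Browser wiring: start the flow, or finish it when returning from the redirect.
function login(cfg = config) {
  if (typeof window === 'undefined') return null; // not in a browser
  const hash = window.location.hash;
  if (/(^#|&)(access_token|error)=/.test(hash)) {
    const pending = sessionStorage.getItem('oauth_state'); // state only, never a token
    sessionStorage.removeItem('oauth_state');
    history.replaceState(null, '', window.location.pathname); // drop the token from the URL
    return parseRedirectFragment(hash, pending); // keep the result in memory
  }
  const state = newState();
  sessionStorage.setItem('oauth_state', state);
  window.location.assign(buildAuthorizeUrl(cfg, state));
  return null;
}
```

The object returned by `login()` is what the app hands to its SDK or API client; the token belongs to the app's own OAuth client, so its rate limits and revocation are separate from the UI's session.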
draeder | 2024-11-19 23:05:43 UTC | #3
Thank you Tim! I appreciate the clarification and was wondering about the auto-authentication feature. As a note, this has only been in development and we are not using this anywhere at the moment. Appreciate the quick response as always.
system | 2024-12-19 23:06:32 UTC | #4
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.
This post was migrated from the old Developer Forum.
ref: 30472