Lloyd | 2020-07-29 20:41:14 UTC | #1
Apologies if this is a silly question, but why do implicit grants work across different organisations other that the one their clientId is created in?
- I've created an implicit grant OAUTH in Org1 which defines the scope & the website URL.
- If I log in to Org2 which is another customer completely on a completely different machine, I can successfully still use the implicit grant website I created for Org1 but in the context of Org2 (So see/action Org2 API's)
I would have thought that when I supply credentials for Org2 that because the clientId does not exist that org, that the login would fail?
I'm assuming there is a fundamental aspect of this that I have missed understanding?
Thanks L
tim.smith | 2020-07-29 20:51:25 UTC | #2
All OAuth grant types span orgs, with the exception of client credentials. This allows applications, like the standard Genesys Cloud web app, to be used by multiple organizations. When scopes are enforced in an org, OAuth clients will not be able to generate auth tokens until that client has been authorized in the org.
Lloyd | 2020-07-29 21:03:41 UTC | #3
Thanks Tim, appreciate you explaining that.
Looks like I have a bit more reading to do
system | 2020-08-29 21:03:43 UTC | #4
This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.
This post was migrated from the old Developer Forum.
ref: 8433