Genesys Cloud - Developer Community!

Hi everyone,

I'd like to confirm my understanding around the behavior of enableFrameworkClientId=true in the Embeddable Framework.

Observed behavior

• If enableFrameworkClientId=true is included on the initial iframe load, the UI shows the floowing error:
  • Sorry, Genesys Cloud cannot authenticate you at this time. The OAuth client ID or redirect URI is invalid
• All OAuth redirect URIs (including those with query parameters) are correctly registered in OAuth client.

For reference, we are using the PKCE OAuth flow (usePKCEAuthFlow = true).

---

Workaroud we are using

1. Load the Embeddable Framework iframe without enableFrameworkClientId=true -> OAuth login completes successfully.
2. After the login session is established, reload the iframe with enableFrameworkClientId=true -> PureCloud.User.getAuthToken() becomes available and works as expected.

---

Understanding/question

My current understanding is:

• OAuth authentication itself happens only once (in step 1)
• The second iframe load reuses the existing Genesys Cloud login session
• No additional OAuth authorization or token exchange occurs in step 2

Is this understanding correct?

Additionally, is reloading the iframe the recommended approach to enable Framework Client tokens, or is there a better pattern to achieve this without reloading?

Thanks in advance.

#EmbeddableFramework

------------------------------
Katsuya Watabe
------------------------------

The `usePKCEAuthFlow` setting is not supported yet (see the Feature postponement announcement at the top of this documentation).

Please try again using an appropriate OAuth client grant type without the `usePKCEAuthFlow` setting to see if that make a difference. Thank you.

------------------------------
Junji Sawada
Senior Software Engineer, Team Lead

Original Message:
Sent: 01-26-2026 20:20
From: Katsuya Watabe
Subject: OAuth error with "enableFrameworkClientId" in Genesys Embeddable Framework – is iframe reload the only solution?

Hi everyone,

I'd like to confirm my understanding around the behavior of enableFrameworkClientId=true in the Embeddable Framework.

Observed behavior

• If enableFrameworkClientId=true is included on the initial iframe load, the UI shows the floowing error:
  • Sorry, Genesys Cloud cannot authenticate you at this time. The OAuth client ID or redirect URI is invalid
• All OAuth redirect URIs (including those with query parameters) are correctly registered in OAuth client.

For reference, we are using the PKCE OAuth flow (usePKCEAuthFlow = true).

---

Workaroud we are using

1. Load the Embeddable Framework iframe without enableFrameworkClientId=true -> OAuth login completes successfully.
2. After the login session is established, reload the iframe with enableFrameworkClientId=true -> PureCloud.User.getAuthToken() becomes available and works as expected.

---

Understanding/question

My current understanding is:

• OAuth authentication itself happens only once (in step 1)
• The second iframe load reuses the existing Genesys Cloud login session
• No additional OAuth authorization or token exchange occurs in step 2

Is this understanding correct?

Additionally, is reloading the iframe the recommended approach to enable Framework Client tokens, or is there a better pattern to achieve this without reloading?

Thanks in advance.

#EmbeddableFramework

------------------------------
Katsuya Watabe
------------------------------

Thanks for the suggestion.

We tested again using an OAuth client with Implicit Grant only:

• RemovedusePKCEAuthFlowfrom the framework settings
• Confirmed the Embeddable Framework integration was updated
• Loaded the iframe withenableFrameworkClientId=trueon the initial load

However, we are still seeing the same error:

"Sorry, Genesys Cloud cannot authenticate you at this time.
The OAuth client ID or redirect URI is invalid"

Based on this result, the issue does not appear to be related to PKCE,
but rather to usingenableFrameworkClientId=trueduring the initial iframe load.

The current workaround we are using
(loading the iframe withoutenableFrameworkClientIdfirst,
then reloading the iframe after the login session is established)
works as expected.

This workaround behaves consistently regardless of the OAuth flow type
(PKCE or Implicit).

Please let us know if there is an officially supported way to enable the Framework Client without reloading the iframe, or if this behavior is expected by design.

The `usePKCEAuthFlow` setting is not supported yet (see the Feature postponement announcement at the top of this documentation).

Please try again using an appropriate OAuth client grant type without the `usePKCEAuthFlow` setting to see if that make a difference. Thank you.

------------------------------
Junji Sawada
Senior Software Engineer, Team Lead

Original Message:
Sent: 01-26-2026 20:20
From: Katsuya Watabe
Subject: OAuth error with "enableFrameworkClientId" in Genesys Embeddable Framework – is iframe reload the only solution?

Hi everyone,

I'd like to confirm my understanding around the behavior of enableFrameworkClientId=true in the Embeddable Framework.

Observed behavior

• If enableFrameworkClientId=true is included on the initial iframe load, the UI shows the floowing error:
  • Sorry, Genesys Cloud cannot authenticate you at this time. The OAuth client ID or redirect URI is invalid
• All OAuth redirect URIs (including those with query parameters) are correctly registered in OAuth client.

For reference, we are using the PKCE OAuth flow (usePKCEAuthFlow = true).

---

Workaroud we are using

1. Load the Embeddable Framework iframe without enableFrameworkClientId=true -> OAuth login completes successfully.
2. After the login session is established, reload the iframe with enableFrameworkClientId=true -> PureCloud.User.getAuthToken() becomes available and works as expected.

---

Understanding/question

My current understanding is:

• OAuth authentication itself happens only once (in step 1)
• The second iframe load reuses the existing Genesys Cloud login session
• No additional OAuth authorization or token exchange occurs in step 2

Is this understanding correct?

Additionally, is reloading the iframe the recommended approach to enable Framework Client tokens, or is there a better pattern to achieve this without reloading?

Thanks in advance.

#EmbeddableFramework

------------------------------
Katsuya Watabe
------------------------------

Thank you for the additional explanation.

Reloading the iframe should not be necessary to enable Framework Client tokens if everything is set up correctly.

If you are still encountering the error message after using the correct OAuth client ID and redirect URI, I would recommend to contact Genesys Customer Care and open a ticket with them. We do not have access to customer environments, logs and data from the forum. Support may be able to give you more details about what they see on their end.

Regards,

Thanks for the suggestion.

We tested again using an OAuth client with Implicit Grant only:

• RemovedusePKCEAuthFlowfrom the framework settings
• Confirmed the Embeddable Framework integration was updated
• Loaded the iframe withenableFrameworkClientId=trueon the initial load

However, we are still seeing the same error:

"Sorry, Genesys Cloud cannot authenticate you at this time.
The OAuth client ID or redirect URI is invalid"

Based on this result, the issue does not appear to be related to PKCE,
but rather to usingenableFrameworkClientId=trueduring the initial iframe load.

The current workaround we are using
(loading the iframe withoutenableFrameworkClientIdfirst,
then reloading the iframe after the login session is established)
works as expected.

This workaround behaves consistently regardless of the OAuth flow type
(PKCE or Implicit).

Please let us know if there is an officially supported way to enable the Framework Client without reloading the iframe, or if this behavior is expected by design.

The `usePKCEAuthFlow` setting is not supported yet (see the Feature postponement announcement at the top of this documentation).

Please try again using an appropriate OAuth client grant type without the `usePKCEAuthFlow` setting to see if that make a difference. Thank you.

------------------------------
Junji Sawada
Senior Software Engineer, Team Lead

Original Message:
Sent: 01-26-2026 20:20
From: Katsuya Watabe
Subject: OAuth error with "enableFrameworkClientId" in Genesys Embeddable Framework – is iframe reload the only solution?

Hi everyone,

I'd like to confirm my understanding around the behavior of enableFrameworkClientId=true in the Embeddable Framework.

Observed behavior

• If enableFrameworkClientId=true is included on the initial iframe load, the UI shows the floowing error:
  • Sorry, Genesys Cloud cannot authenticate you at this time. The OAuth client ID or redirect URI is invalid
• All OAuth redirect URIs (including those with query parameters) are correctly registered in OAuth client.

For reference, we are using the PKCE OAuth flow (usePKCEAuthFlow = true).

---

Workaroud we are using

1. Load the Embeddable Framework iframe without enableFrameworkClientId=true -> OAuth login completes successfully.
2. After the login session is established, reload the iframe with enableFrameworkClientId=true -> PureCloud.User.getAuthToken() becomes available and works as expected.

---

Understanding/question

My current understanding is:

• OAuth authentication itself happens only once (in step 1)
• The second iframe load reuses the existing Genesys Cloud login session
• No additional OAuth authorization or token exchange occurs in step 2

Is this understanding correct?

Additionally, is reloading the iframe the recommended approach to enable Framework Client tokens, or is there a better pattern to achieve this without reloading?

Thanks in advance.

#EmbeddableFramework

------------------------------
Katsuya Watabe
------------------------------