Genesys Cloud - Main

One of our developers has a OAuth Client (Token Implied Grant) and gets an error when trying to access "GetSpeechandtextanalyticsConversationCommunicationTranscripturl".

With error:

Error calling GetSpeechandtextanalyticsConversationCommunicationTranscripturl: {"message":"An error has occurred, please contact support. Message: Forbidden: 

How are permissions controlled via a Token Implied Grant OAuth? If this is the error.

#Integrations

------------------------------
Andy Forbes
Domestic & General Services Limited
------------------------------

For any Genesys Cloud API you are calling, you'll need to look at the "Operation Information" for that API to make sure that the proper permissions and/or scopes are applied to allow access to that API from the application.

For Token Implicit Grant OAuth (https://developer.genesys.cloud/authorization/platform-auth/use-implicit-grant) clients, you'll need to consider both Permissions and Scopes.  The Scopes (https://developer.genesys.cloud/authorization/platform-auth/scopes) are setup on the OAuth client configuration and they just indicate that the app wishes to have access to certain API resource categories.  Since an Token Implicit Grant authorization runs in a user-context, then the user also has to have the proper permissions assigned to them.  These same rules apply to Authorization Code Grant and PKCE Grant clients as well.

Note, for Client Credentials Grant OAuth clients, scopes don't come into play.  A role is assigned to a Client Credentials Grant OAuth client and the permissions in that role completely control access since that grant type doesn't run in a user-context.

In the future, you might consider posting developer-focused questions on our Developer Forum (https://developer.genesys.cloud/forum)

I hope that helps.

------------------------------
Jim Crespino
Senior Director, Developer Evangelism
Genesys
https://developer.genesys.com
------------------------------

Hi, ok thanks. Makes more sense now. 

------------------------------
Andy Forbes
Domestic & General Services Limited
------------------------------

Original Message:
Sent: 10-24-2023 09:53
From: Jim Crespino
Subject: OAuth (Token Implied Grant) - Error when trying to use Transcriptions API

For any Genesys Cloud API you are calling, you'll need to look at the "Operation Information" for that API to make sure that the proper permissions and/or scopes are applied to allow access to that API from the application.

For Token Implicit Grant OAuth (https://developer.genesys.cloud/authorization/platform-auth/use-implicit-grant) clients, you'll need to consider both Permissions and Scopes.  The Scopes (https://developer.genesys.cloud/authorization/platform-auth/scopes) are setup on the OAuth client configuration and they just indicate that the app wishes to have access to certain API resource categories.  Since an Token Implicit Grant authorization runs in a user-context, then the user also has to have the proper permissions assigned to them.  These same rules apply to Authorization Code Grant and PKCE Grant clients as well.

Note, for Client Credentials Grant OAuth clients, scopes don't come into play.  A role is assigned to a Client Credentials Grant OAuth client and the permissions in that role completely control access since that grant type doesn't run in a user-context.

In the future, you might consider posting developer-focused questions on our Developer Forum (https://developer.genesys.cloud/forum)

I hope that helps.

------------------------------
Jim Crespino
Senior Director, Developer Evangelism
Genesys
https://developer.genesys.com
------------------------------