Genesys Cloud - Developer Community!

Customer provided some APIs to call within architect flows. These APIs require Bearer Token authorization. Customer provided us with client credentials (client id and client secret) and a sample POST request to retrieve the bearer token:

curl --request POST \
  --url https://{env_domain}/openid-connect/token \
  --header 'Content-Type: application/x-www-form-urlencoded; charset=utf-8' \
  --data client_id={client_id} \
  --data client_secret={client_secret}\
  --data grant_type=client_credentials \
  --data scope=<Some Specific Scope>

So we created a new Integration object and configured the necessary User Defined (OAuth) credential parameters. We added the scope attribute as well, but this seems to be ignored. Per our understanding, if you configure User Defined (OAuth) credentials, you can only define the following fields: loginUrl, clientId, clientSecret. When we are trying to call an API we get an error message like the following: "required scopes <Some Specific Scope> not present" meaning that the scope is ignored.

How can we deal with the above? Is there any alternative?

Hello,

I assume that by creating "a new Integration object", you mean creating a new Web Services Data Actions Integration, with User Defined (OAuth) credentials.

"Per our understanding, if you configure User Defined (OAuth) credentials, you can only define the following fields: loginUrl, clientId, clientSecret" -> No, it is not correct. You can add fields.

When you create a Web Services Data Actions integration with User Defined (OAuth) credentials, a specific Data Action will be created automatically to manage the login step. This Data Action is of type "Custom Auth", and its name is the same than your Web Services Data Actions integration, with " (Auth)" at the end (e.g. "My WebServices Integration (Auth)"). You can find some info on this Resource Center page: https://help.mypurecloud.com/articles/how-to-use-the-user-defined-oauth-credential-type/

If you add new fields (other than loginUrl, clientId, clientSecret), you will need to edit and modify this Custom Auth Data Action to take them into account.

• In GC Desktop menu, go to "IT and Integrations" -> "Data Actions". Find your Custom Auth Data Action and open it.
• By default, it is already published. Click on the "Viewing Published" toggle at the bottom of the page to go back to draft mode.
• Select "Setup" tab and go to the "Configuration" section.
• In the "Action Configuration" - "Request", you can define the Request url, body and headers.
• Modify the Request body to take into account your new "scope" input field.
  • Switch from Simple to JSON view (it is not a requirement, it is just because what's below is easier to show/set in JSON view)
  • Modify the requestTemplate attribute to add/take into account your scope input (in the example below I am also escaping the scope value - not knowing what you are using as scope value but in case it contains a url like value or special characters)

{
  "requestType": "POST",
  "requestTemplate": "grant_type=client_credentials&scope=$esc.url(${credentials.scope})",
  "requestUrlTemplate": "${credentials.loginUrl}",
  "headers": {
    "Authorization": "Basic $encoding.base64(\"${credentials.clientId}:${credentials.clientSecret}\")",
    "Content-Type": "application/x-www-form-urlencoded"
  }
}

• Once you have made your modification, click on "Save & Publish"

Regards,

------------------------------
Jerome Saint-Marc
Senior Development Support Engineer
------------------------------