stanislav.skljar | 2023-06-19 11:23:15 UTC | #1
Our company uses a generic SSO provider (Keycloak) with the SAML protocol. Under the hood, Keycloak uses LDAP.
I want to use implicit grant,
because OAuth2 SAML2 Bearer requires providing <clientid>:<clientsecret>; as I understand it, our private user id is LDAP and password. That is a bad option because of security restrictions on providing the organization password to a third company (Genesys).
Additional context: a user access token is required to call /api/v2/conversations/calls (Create a call conversation).
We can't make a manual call from a user by using a backend token (auth client credentials).
That's why I want to use implicit grant. First problem: there is no option for generic SSO: https://developer.genesys.cloud/authorization/platform-auth/additional-parameters
provider
Authentication provider to log in with. Valid values are "okta", "adfs", "salesforce", "onelogin", "gsuite", or "ping".
Code:
import platformClient from 'purecloud-platform-client-v2/dist/web-cjs/bundle';

const clientId = "{genesis user id}";
const client = platformClient.ApiClient.instance;
// UsersApi instance (was missing in the original snippet); it uses the shared
// ApiClient instance that is authenticated below.
const usersApi = new platformClient.UsersApi();

client.setEnvironment(platformClient.PureCloudRegionHosts.eu_central_1);
client.setPersistSettings(true, 'optional_prefix');

client.loginImplicitGrant(clientId, "https://{domain}/genesys-front-desks-factory-widet/stage.html?conversationId=f1acd67a-a455-4f8a-881d-901f673e0459", { "org": "{companyId}", "provider": "okta", "target": "{companyId}" })
  .then((data) => {
    // Auth data (access token, expiry) returned by the implicit grant
    console.log(data);
  })
  .then(() => {
    // Make request to GET /api/v2/users/me?expand=presence
    return usersApi.getUsersMe({ 'expand': ["presence"] });
  })
  .then((userMe) => {
    // Handle successful result (template literal needs backticks)
    console.log(`Hello, ${userMe.name}!`);
  })
  .catch((err) => {
    // Handle failure response
    console.log(err);
  });
Main problem: after the widget loaded, client.loginImplicitGrant redirected to https://login.mypurecloud.de/oauth/authorize?client_id=433d7c75-fce0-43e5-a0e8-3cf0e398c179&response_type=token&provider=okta&org={companyId}&redirect_uri=https://{domain}/genesys-front-desks-factory-widet/stage.html?conversationId=f1acd67a-a455-4f8a-881d-901f673e0459
After that I get a message that Genesys Cloud doesn't know the user or the user is expired (and I see an option to log in). The second time I select region and company and am redirected (in a frame) to the SSO provider, Keycloak; I provide LDAP and password and Keycloak redirects me back to Genesys (in a frame), but Genesys does not redirect me to the redirect_uri. That part is broken.
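The post above shows the authorize URL the SDK builds for the implicit grant and the documented list of `provider` values. The following is an added example (not code from the original post, the Genesys SDK or Genesys documentation) showing, in plain JavaScript, how a front end can validate the `provider` value against that documented list and keep the `redirect_uri` on an allowlist before redirecting, and how the access token is read back from the URL fragment after the provider returns. The function names, the `REDIRECT_ALLOWLIST` entries and the sample fragment are constructed for the example; the authorize URL shape follows the one in the post.

```javascript
// Added example, not from the original post or the Genesys SDK. Helper names
// are hypothetical; the allowlist and sample token fragment are constructed.

// The provider values documented on the page; anything else is rejected up
// front instead of being sent to the authorize endpoint.
const VALID_PROVIDERS = ["okta", "adfs", "salesforce", "onelogin", "gsuite", "ping"];

// Only redirect targets registered for the OAuth client should ever be used.
// Constructed sample allowlist; real values come from the client configuration.
const REDIRECT_ALLOWLIST = [
  "https://example.invalid/genesys-front-desks-factory-widet/stage.html",
];

// Builds https://<loginHost>/oauth/authorize?... with the parameters the post
// shows (client_id, response_type=token, provider, org, target, redirect_uri).
function buildAuthorizeUrl({ loginHost, clientId, redirectUri, provider, org, target }) {
  if (!VALID_PROVIDERS.includes(provider)) {
    throw new Error(`unsupported provider "${provider}"; valid values: ${VALID_PROVIDERS.join(", ")}`);
  }
  const redirect = new URL(redirectUri);
  const base = `${redirect.origin}${redirect.pathname}`;
  if (!REDIRECT_ALLOWLIST.includes(base)) {
    throw new Error(`redirect_uri ${base} is not in the allowlist`);
  }
  const url = new URL("/oauth/authorize", `https://${loginHost}`);
  url.searchParams.set("client_id", clientId);
  url.searchParams.set("response_type", "token");
  url.searchParams.set("provider", provider);
  url.searchParams.set("org", org);
  if (target) url.searchParams.set("target", target);
  // URLSearchParams percent-encodes the redirect_uri, so its own query string
  // (?conversationId=...) survives the round trip instead of being merged into
  // the authorize URL's parameters.
  url.searchParams.set("redirect_uri", redirectUri);
  return url.toString();
}

// After the provider redirects back, an implicit-grant token travels in the
// URL fragment (window.location.hash), never in the query string. Returns null
// when no bearer access_token is present.
function parseImplicitGrantFragment(locationHash) {
  const params = new URLSearchParams(locationHash.replace(/^#/, ""));
  const token = params.get("access_token");
  const tokenType = params.get("token_type");
  if (!token || !tokenType || tokenType.toLowerCase() !== "bearer") {
    return null;
  }
  return {
    accessToken: token,
    expiresIn: Number(params.get("expires_in")),
    state: params.get("state"),
  };
}

// Usage with placeholder values (constructed; not a real client id or org):
const exampleAuthorizeUrl = buildAuthorizeUrl({
  loginHost: "login.mypurecloud.de",
  clientId: "client-id-placeholder",
  redirectUri: "https://example.invalid/genesys-front-desks-factory-widet/stage.html?conversationId=abc",
  provider: "okta",
  org: "org-placeholder",
  target: "org-placeholder",
});
```

`buildAuthorizeUrl` throws for a provider such as `"keycloak"` that is not in the documented list, which is the same restriction the post runs into; checking it client-side just makes the failure explicit before any redirect happens. `parseImplicitGrantFragment` reads the fragment once and returns a plain object, so the token can be handed to the SDK or stored without ever being placed in a query string or a log line.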
system | 2023-07-20 11:23:27 UTC | #2
This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.
This post was migrated from the old Developer Forum.
ref: 20524