Thanks, Thomas. Do you happen to know of any strategies I could follow? My goal is to centralize the creation of OAuth clients from a Terraform module where I pass the permissions I need and create the OAuth in Genesys.
Original Message:
Sent: 12-04-2025 04:03
From: Thomas Kamm
Subject: How create oauth client with terraform
Hi Jesus,
We also came across this issue, but it's not a bug, it's a feature. 😉
You always need to have the roles assigned that you want to grant to an OAuth client.
Create an OAuth Client Documentation → Number 7: "Note: To grant roles to an OAuth client, you must have those roles assigned to your profile."
Also, keep in mind that the implicit-grant OAuth will be deprecated soon.
https://help.mypurecloud.com/?p=402282
Kind regards,
Thomas
------------------------------
Thomas Kamm
Original Message:
Sent: 12-03-2025 16:08
From: Jesus Garces
Subject: How create oauth client with terraform
I need to create OAuths using Terraform modules:
resource "genesyscloud_auth_role" "client_role" {
  count       = var.authorized_grant_type == "CLIENT-CREDENTIALS" ? 1 : 0
  name        = "name-${var.module}-${var.environment}-${var.customer}-role"
  description = "Rol para credenciales OAuth de ${var.module}-${var.environment}-${var.customer}"

  dynamic "permission_policies" {
    for_each = var.permission_policies
    content {
      domain      = permission_policies.value.domain
      entity_name = permission_policies.value.entity_name
      action_set  = permission_policies.value.action_set
    }
  }
}

resource "genesyscloud_oauth_client" "client_credentials" {
  count                         = var.authorized_grant_type == "CLIENT-CREDENTIALS" ? 1 : 0
  name                          = "name-${var.module}-${var.environment}-${var.customer}-client-credentials-oauth"
  description                   = var.description != "" ? var.description : "Credencial OAuth CLIENT-CREDENTIALS para ${var.module}-${var.environment}-${var.customer}"
  access_token_validity_seconds = var.access_token_validity_seconds
  authorized_grant_type         = "CLIENT-CREDENTIALS"
  state                         = var.state

  # Automatically created role - one entry per division
  dynamic "roles" {
    for_each = var.division_ids
    content {
      role_id     = genesyscloud_auth_role.client_role[0].id
      division_id = roles.value
    }
  }

  # Optional additional roles (their divisions are already configured in Genesys)
  dynamic "roles" {
    for_each = var.additional_role_ids
    content {
      role_id = roles.value
    }
  }

  depends_on = [genesyscloud_auth_role.client_role]
}

# Genesys OAuth Client - TOKEN (Implicit Grant)
resource "genesyscloud_oauth_client" "implicit_grant" {
  count                         = var.authorized_grant_type == "TOKEN" ? 1 : 0
  name                          = "name-${var.module}-${var.environment}-${var.customer}-implicit-grant-oauth"
  description                   = var.description != "" ? var.description : "Credencial OAuth Implicit Grant para ${var.module}-${var.environment}-${var.customer}"
  access_token_validity_seconds = var.access_token_validity_seconds
  authorized_grant_type         = "TOKEN"
  registered_redirect_uris      = var.registered_redirect_uris
  scopes                        = var.scopes
  state                         = var.state
}
The problem is that I cannot assign the role I created to the OAuth that Terraform will create because the OAuth I use for the Terraform provider does not have the role that Terraform will create assigned to it.
#CXasCode
------------------------------
Jesus Garces
NA
------------------------------