dkprado | 2018-04-11 14:08:46 UTC | #1
Hi there.
I have a web application currently using a (user/password) authentication in the front, to hide the usage of client-credentials grant type to communicate with the Platform API. Different users in my web application are authenticated in two different Organizations, with two different sets of clientID/Secret.
I want to migrate my custom user authentication to the Authorization Code, with the PureCloud UI. I know how it works (basics) and I'm able to get the authorization code back from the UI. However, I still need to separate users from the two distinct Orgs. User A is supposed to see contents of Organization 1, while User B is supposed to browse Organization 2 data.
Question 1: is this Authorization Code authentication organization oriented? I mean, can I promote the separation of users depending on which Organization they used to authenticate? I am currently separating them on my website front, having one Client ID for each organization. What confuses me is that I only have the Authorization Code credential under ONE organization. Do I need one credential on each Organization?
Question 2: I understand I still need to negotiate the Token, with the ClientID/Secret, after authorizing the user. Is this correct? Do I use the same "client-credentials" procedure for the Token negotiation? Does this mean that my application will use two different OAuth methods from the PureCloud platform?
Thanks a lot.
KevinGlinski | 2018-04-11 19:01:54 UTC | #2
Auth code and implicit OAuth clients are for an application, not an organization, so you can create the same app that both customer 1 and customer 2 can log into. Those users who log in only have access to their own data in their own org. If you want to know which org they are in, call /organization/me.
After the redirect from login.mypurecloud back to your app, you'll get an authorization code which you need to exchange for their bearer token. The process is different from client credentials; you can see this tutorial or specific details of the exchange.
dkprado | 2018-04-11 19:24:09 UTC | #3
Thanks for the reply. It's nice that I can get the user's organization. I can use this to redirect the user when back to my website app.
One last question on this: I understand that any authorized user in PureCloud (within my region) would be authorized to reach my website. How can I narrow this to only my users, from my different orgs?
Thanks again.
KevinGlinski | 2018-04-11 19:29:25 UTC | #4
That is correct. You'll have to keep a whitelist of org ids or names, call /organization/me, and see if that org is in your whitelist.
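Putting the two replies above together (exchange the code for the user's token, then look up the org with the organization call and admit only allowlisted orgs), here is an added Python example; it is not code from this thread or from Genesys. The login and API hosts, the `/api/v2/organizations/me` path and the JSON field names (`access_token`, `id`, `name`) are assumptions, and `transport` is a hypothetical hook so the logic can run offline against stubbed responses.

```python
import base64
import json
from urllib import request, parse

# Assumed hosts: regional login and API domains (check the ones for your region).
LOGIN_BASE = "https://login.mypurecloud.com"
API_BASE = "https://api.mypurecloud.com"
# Assumed path of the "organization/me" call named in the reply above.
ORG_ME_PATH = "/api/v2/organizations/me"


def build_token_request(client_id, client_secret, code, redirect_uri):
    """Authorization-code exchange: the app's own client id/secret go in HTTP Basic
    auth, the one-time code and the registered redirect URI go in the form body.
    Returns (url, headers, body) so the request can be inspected without sending it."""
    creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {"Authorization": f"Basic {creds}",
               "Content-Type": "application/x-www-form-urlencoded"}
    body = parse.urlencode({"grant_type": "authorization_code",
                            "code": code,
                            "redirect_uri": redirect_uri}).encode()
    return f"{LOGIN_BASE}/oauth/token", headers, body


def http_json(url, headers, body=None):
    """Minimal JSON transport (POST when a body is given, else GET)."""
    req = request.Request(url, data=body, headers=headers,
                          method="POST" if body is not None else "GET")
    with request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def login_user(code, redirect_uri, client_id, client_secret, allowed_org_ids,
               transport=http_json):
    """Exchange the code for the user's bearer token, ask which org it belongs to,
    and open a session only if that org id is on the allowlist.
    Returns a session dict, or None when the org is not one of ours."""
    url, headers, body = build_token_request(client_id, client_secret, code, redirect_uri)
    token = transport(url, headers, body)["access_token"]
    org = transport(f"{API_BASE}{ORG_ME_PATH}", {"Authorization": f"Bearer {token}"})
    # Compare the stable org id rather than the display name, which an admin can change.
    if org.get("id") not in allowed_org_ids:
        return None  # token is dropped; the user gets no session on this site
    return {"token": token, "org_id": org["id"], "org_name": org.get("name")}
```

The allowlist is what keeps the app from admitting any PureCloud user in the region, since the OAuth client itself is per application, not per organization.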
system | 2018-05-12 19:37:43 UTC | #5
This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.
This post was migrated from the old Developer Forum.
ref: 2725