joel_hellman | 2020-06-03 05:33:28 UTC | #1
I'm looking to upgrade some integrations to use OAuth 2 auth instead of Basic Auth in Genesys Cloud, and have some questions. In my case, I will use a Web Services Data Action type of Integration, with User Defined (OAuth) credentials scheme.
Let's say the OAuth 2 auth provider for our web service returns access_token along with expires_in of 3600 to our User Defined (OAuth) set up Integration in Genesys Cloud. Let's say that the connected (web) Actions are triggered by a call via an Inbound Architect Flow. And let's say we get 10'000 calls per day, where each call triggers on average 2 Actions using this Integration.
- Do the Data Action triggered for each call act authenticate with OAuth independently, so that 1 call would generate 1 call to get accesstoken, and then 2 calls with that accesstoken to retrieve the data? So that it would generate 10'000 accesstokens in a day, and 20'000 authenticated requests. Or do the platform cache the access token (based on the `expiresin` or otherwise), so it makes 1 call to retrieve access token and 20'000 authenticated requests per day - ?
- If the platform caches the accesstoken returned during the initial auth request, what happens when the `expiresin` is passed?
- Our architecture is primary scoped for OAuth 2 auth schemes. This is a point in favor of upgrading. However, I'm unsure of the performance implications of switching from Basic to OAuth Credentials? Given that triggering web actions doesn't cached access token (my question 1), wouldn't that imply an overhead on OAuth's part because each set of requests within a context (like an Architect Flow execution or Script) needs to grab that access_token, whereas Basic Auth wouldn't?
I'm no expert in web security so my questions might be uninformed, but I'd appreciate any clarifications!
Jason_Mathison | 2020-06-03 06:16:28 UTC | #2
Hi Joel!
The short version is that you should be fine to make the switch to OAuth2 instead of Basic Auth.
Moving on to the specifics:
- Data Action service caches a few access tokens across all users of an integration. It will use the same access tokens for all inbound calls that access a given integration.
- Data Actions don't pay attention to the expires_in field. The Data Action service gets a new access token if it gets an authentication error response, or if the token expires out of its cache.
- The access tokens are cached, so the number of extra auth round trips should be very small compared to the overall number of requests.
--Jason
joel_hellman | 2020-06-03 06:27:52 UTC | #3
That is awesome, then I'll definitely make the switch. Thanks Jason!
system | 2020-07-04 06:34:44 UTC | #4
This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.
This post was migrated from the old Developer Forum.
ref: 7949