Hi!
I am implementing a Support App and I want each Zendesk user (admins, agents) to authenticate using OAuth to a third-party API before using the app. Each user would have a different account in my API.
I've tried doing this using the grant type authorization code, but this seems to be supported only for admins.
So now I've tried switching to client credentials, following the docs here, using a single user in my API and sending some identifier in the headers of my API requests to differentiate users. So as an admin I'd create the OAuth client, start a client credentials flow and use the URL to make an Exchange Verification Code request to get my access_token. Then I would like to store that token somewhere, in metadata maybe, so that all users can use it to make requests to my third-party API.
These are my questions:
1. The response I get from the Exchange Verification Code shows "******" for the access token. How can I retrieve the real value?
2. After getting the correct value for the access token, where should I store it so that I can use it for all Zendesk users using my Support App?
3. Would there be a better way to implement all this?
Thank you!

So the flow seems to work, but I don't know how to get the real value of the access token to use it when making my API calls, or where to store it so that I can access it for all Zendesk users using my Support App.
At this point in the flow, the response should include the access token. I'd like to see whether the OAuth connections service is actually receiving one. Can you check the token URL for the OAuth client you started the flow on to ensure that it's your endpoint that supplies the token? Also, are you able to successfully return an access token when requesting one from the token URL directly (not using the OAuth connections service)?