Dear Genesys Enthusiast,
I'm trying to use Google cloud platform API in Architect.
I've created a Google Data action integration
2.I'm stuck at the step of generating Auth token, as in Genesys Data Action has single url to call and generate a token. In this Google API we've given 2 URI's as auth and token uri.
I appreciate your effort in this request. Thank you
The following has been shared from API Team to generate a token:
private_key_id
private_key
client_email
client_id
auth_uri
token_uri
auth_provider_x509_cert_url
client_x509_cert_url
Can you provide a link to the documentation for the Google API that you are attempting to use? We support 2 specific types of Google API authentication, so we may or may not currently have support for the API you are trying to use.
Thank you for your quick response Jason. Please let me know if this API is supported or if we've in roadmap currently.
Here is the info related to the API. *For our API’s, authentication is done using an OIDC token obtained by using service account credentials. The below link is Google’s documentation on programmatic authentication using OpenID Connect (OIDC). *
Access tokens periodically expire and become invalid credentials for a related API request. You can refresh an access token without prompting the user for permission (including when the user is not present) if you requested offline access to the scopes associated with the token.
Thank you for the additional information. I put up a ticket on our board to dig into this question, however due to staffing this week I doubt that we will have a response to you until next week.
Thank you for responding Greg. I've created integration.
The problem here is with the Authentication/getting token & refresh token. This can be done easily by coding(ex java/.Net). We have use Auth URI and Token URI. We also need to get refresh token after 24 hours. In the Genesys custom action, we've place for single URI.
I don't think this can be done in Genesys custom action currently. Please take a look and let me know. I appreciate your help.
We are getting the following error. Please take a look.
{
"message": "Substitution values invalid in action config. Variable $credentials has not been set at HeadersTemplate:Authorization[line 1, column 48] A common reason for this error is needing to prepend the variable with 'input.' or 'credentials.'",
"code": "invalid.substitution",
"status": 400,
"messageParams": {},
"contextId": "3cf0a361-bfc3-405a-8c8b-504b482fad8b",
"details": [
{
"errorCode": "ACTION.PROCESSING"
}
],
"errors": []
}
What you are trying to do is not supported. We do the authentication using the credential information if using Google Cloud or GSuite. The action type is intended for use accessing GSuite APIs and not for doing your own authentication.
AppSpot is not something we have done any testing with. Can you send us a link to the specific documentation within google that documents rest calls to this and how it authenticates. I have not had any luck finding that in google doc set.
There is a good chance that we are not going to be able to support this directly and that you will need to write a Cloud Function that calls your AppSpot interface.
Thanks! That helped greatly. I can see from that doc why our JWT does not work. If you are using idenity-aware proxy, then our JWT will fail because it does not contain "target_audience".
At this time we do not support any authentication that needs that value. The only API we currently test and can say works 100% is the Function API. I will discuss adding the target_audience to our credential configuration with our Product Manager and Development team, but I think it is unlikely we are going to make the change because supporting every variant of Google's APIs is looking very problematic from a permutation comlexity and texting perspective.
Are you able to create a Google Function to handle your API needs, and then call that Function from a Data Action? That is likely to be our recommended solution to situations like yours.