When a user logs into the Genesys Cloud browser UI, there are two places an access token is stored: localStorage and sessionStorage. Currently, I am piggy backing on the authentication access token from localStorage to authorize the WebRTC SDK and plan to do the same for the Platform api; or use sessionStorage -- which makes more sense.
However, I wanted to know if there is an official/supported way to leverage the existing authorization access token / session for such a purpose as this?
You must implement one of the OAuth flows to authorize your custom applications. Aside from being a bad security behavior, scraping a token from another app is almost guaranteed to cause its functionality to be negatively impacted due to rate limiting and other token-based considerations. It also violates the API on-demand fair use policy and could subject your organization to a billing dispute due to inappropriate usage of the platform.
The OAuth flows have a feature to auto-authenticate the user without the user seeing the login screen when they have a valid session cookie with the auth service. This is a built-in feature; all you need to do is implement the OAuth flow to take advantage of it. (note that this feature can be disabled by your administrator, e.g. HIPAA orgs)
Thank you Tim! I appreciate the clarification and was wondering about the auto-authentication feature. As a note, this has only been in development and we are not using this anywhere at the moment. Appreciate the quick response as always.