I was able to setup authenticated Web Messaging and am now looking to use data actions with the access token of the authenticated user for a web messaging session.
I am unable to determine from the docs or poking around in Architect how that information is exposed or used for this purpose.
Any guidance would be much appreciated!
Example of what we are trying to do:
user logins via OIDC for Genesys Web Messaging (access token scoped to user obtained in background already)
call Data Action using access_token from above as Authorization header
I see Messaging.isAuthenticated is an exposed field in the flow but that is just a boolean and not useful for our needs
Hi - thanks for raising this, it's a valid use-case, we are considering as future improvement, see this Idea (and please vote) > Genesys Cloud Ideas Portal
We don't (want to) expose Access Token to application layer for security reasons, so the idea would be to propagate it securely into Data Actions to ensure external APIs can be executed on behalf of End-User's authenticated scopes and permissions.
When you say "you don't want to expose the access token to the application layer", what does that mean? I assume Genesys Cloud will store the user access token obtained through the OIDC flow in the backend; isn't it already available for subsequent Data Action requests throughout the conversation?
Also, I'm not able to find the idea and vote here Genesys Cloud Ideas Portal; it prompts me for employee authentication. This feature would definitely help us.
Basically, we cannot make access token directly available as a variable, to use within Architect Flows, to avoid potential mis-use. Propagating the token would be entirely hidden to application layer and be addressed within platform.
In order to access Ideas Portal you would need to have a Genesys Account, would recommend to start from here.