Integration with external webservice using OAuth grant_type=password instead of credentials

We need to set up our Genesys Cloud organization to securely consume our customer-tool-related API for additional details about our customers.

To access the API, we need a valid JWT token. The token is generated using an identity server. As these APIs are accessed by a machine (Genesys Cloud), we can use the client credentials and a service account with the grant type password.

Genesys offers the User Credential (OAuth) integration definition, but this automatically generates a custom action for auth requests that gets the token with grant_type=credentials, which does not fulfill our requirements. Getting the token fails with a 400 Bad Request error, as an unauthorized client is trying to obtain a token, which is obvious as we do not authorize properly with username and password and do not deliver the proper scope.

Is it possible to set up a proper integration using clientId and clientSecret with grant type password, so that we use the service account username and password with a scope definition?
I tried to set the username, password, scope and grant_type in the web service user credentials fields, but it does not change the generated action to get the token with the proper grant type.

Our auth endpoint expects:
curl --location '$URL' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data-urlencode 'client_id=genesys' \
  --data-urlencode 'client_secret={{genesysClientSecret}}' \
  --data-urlencode 'grant_type=password' \
  --data-urlencode 'scope=genesys' \
  --data-urlencode 'username={{username}}' \
  --data-urlencode 'password={{password}}'

We do not know whether the custom action for getting the token can be adjusted, because in the configuration the option to edit the data action is grayed out.
Should I follow a different approach? Is it even possible to use this type of authorization for this request to get the token, which I would then use in another custom action to query the customer data?

Thank you for any hints

Typically the JWT request payload requires specific encryption and signing that is too complex to support at this time.

For complex authentication like JWT and some other credit card related authentication types we suggest using AWS Lambda based actions so that you have complete control of how your authentication is performed.

However, if the encryption and signing requirements are not needed for this authentication, this should be possible using our Custom Authentication Integration type.
Custom Auth Integration will create a Custom Auth Action that is then edited to perform the REST call to obtain your token.

The documentation for configuring a data action integration for custom authentication:

Thank you Greg, no encryption and signing like you mentioned. I missed the point of how to edit that function and realized too late that I have to switch the published version of the data action to draft first to be able to completely edit the request to the desired JSON format.

All good now, and at this moment I am dealing with a bad username and password error :slight_smile: but that, I hope, will be a different and easier story to resolve.

Thanks for the kick in the right direction

Frankly, it would be clearer if the documentation showed "click this completely grayed out button to make your custom action request format editable" :smiley: I kinda missed this and thought it was not possible.
Thanks for help!
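
As an added example (not code from this thread or from Genesys): a small offline simulation of the token exchange discussed above, showing which RFC 6749 error a token endpoint returns when the grant type is not allowed for the client versus when the service account credentials are wrong. The client registration, the service account name, the secrets and the `token_endpoint` function are constructed assumptions, not the poster's identity server.

```python
import hmac
from urllib.parse import urlencode, parse_qs

# Constructed sample registration; every value here is a placeholder.
CLIENT = {"id": "genesys", "secret": "example-client-secret",
          "grants": {"password"}, "scopes": {"genesys"}}
USERS = {"svc-genesys": "example-password"}  # constructed service account


def build_token_request(grant_type, username=None, password=None):
    """Form-encode the body the way the curl command in the question does."""
    fields = {"client_id": CLIENT["id"], "client_secret": CLIENT["secret"],
              "grant_type": grant_type, "scope": "genesys"}
    if username is not None:
        fields.update(username=username, password=password)
    return urlencode(fields)


def _same(a, b):
    """Constant-time string comparison for secrets."""
    return hmac.compare_digest(a.encode(), b.encode())


def token_endpoint(body):
    """Simulated identity server: returns (HTTP status, JSON-like dict)."""
    form = {k: v[0] for k, v in parse_qs(body).items()}
    if form.get("client_id") != CLIENT["id"] or not _same(
            form.get("client_secret", ""), CLIENT["secret"]):
        return 401, {"error": "invalid_client"}
    if form.get("grant_type", "") not in CLIENT["grants"]:
        # The client is known but may not use this grant type.
        return 400, {"error": "unauthorized_client"}
    if not set(form.get("scope", "").split()) <= CLIENT["scopes"]:
        return 400, {"error": "invalid_scope"}
    expected = USERS.get(form.get("username", ""))
    if expected is None or not _same(form.get("password", ""), expected):
        # Resource owner credentials rejected.
        return 400, {"error": "invalid_grant"}
    return 200, {"access_token": "constructed.jwt.value",
                 "token_type": "Bearer", "expires_in": 3600}


if __name__ == "__main__":
    for req in (build_token_request("client_credentials"),
                build_token_request("password", "svc-genesys", "wrong"),
                build_token_request("password", "svc-genesys", "example-password")):
        print(token_endpoint(req))
```

Reading the `error` field of the 400 response body separates a grant-type or scope problem in the auth action from a plain credentials problem on the service account.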