Summary: PureCloud will soon introduce OAuth scope for applications, a feature providing PureCloud orgs with the means to limit an app’s access to user and organization data. Scopes provide an additional layer of authentication that is specific to applications. Scopes help the OAuth client creator and authorizer identify specific areas and functionality which can be granted to an application. See About Authorization for more details.
Context: PureCloud organizations will be required to grant authorization for add-on applications utilizing an OAuth Client to access their organization’s data.
Date of Change: OAuth scope for applications will be introduced on or after March 27th, 2019. This release date is tentative. Please check PureCloud Release Notes to confirm the actual release date.
Impact:
Existing OAuth applications will not be affected. Customers will not be required to authorize these applications.
Existing third-party applications (AppFoundry offerings, for example) will not be affected. Customers will not be required to authorize these applications.
Application developers who update their OAuth Clients on or after the date this feature is released will be affected, along with any customer utilizing the updated client. Any organization using the updated OAuth Client will be required to authorize the client before it will be allowed any API access. Once existing OAuth Clients are updated, they will not be able to access data using the OAuth Client until authorized by an administrator of the organization.
Application developers updating their OAuth Clients are responsible for notifying their customers / users of the OAuth Client of the upcoming changes prior to updating / implementing a new OAuth Client.
Impacted APIs: All PureCloud APIs called by an OAuth Client created on or after the release date.
I'll add that the scopes that are required are now listed with each API resource, and we will be releasing a tool to show you which scopes your application is currently using so you know which ones will need to be added to your client configuration.
How would this 'approval by an administrator' flow work?
When logging in with an agent for a non-approved OAuth client, I suppose they get an error message?
Is an administrator, when logging in with the OAuth client, immediately redirected to a page allowing him to approve, or would he need to go into the PureCloud admin himself, in order to (via one of the modules) 'approve' the OAuth client?
(not planning to change our As-Is OAuth clients right now, so we shouldn't have impact, but would like to understand the flow in case we do)
Stijn - Once an admin loads up your app, your app will need to direct them to PureCloud to authorize your client with scopes. We'll be enhancing the platform to handle authorizing your client with scopes during the install in PureCloud in the near future too.
As long as you don't update your client, there's nothing for you to do. You're grandfathered in.
Hi there Mathieu - please note that the original post has been updated with a release date of March 20th, 2019. Please do monitor our Release Notes for the official release announcement. Thank you!
Mathieu - We are targeting March 27th right now. We've had to make a couple of adjustments for a feature called ACLs (aka Divisions) coming out in the very near future. It's already GA in a couple of regions.
AppFoundry Vendors - We will be enabling the Beta of this feature in your orgs this Wednesday the 22nd of May. Look for an email from me tomorrow with documentation links.