OAuth token reuse

Hi,

We are building a call flow which will invoke up to 4 different Data Actions (including authentication), with a minimum of 2 being invoked (including authentication). Our APIs behind the Data Actions are secured and require a valid token to action all their requests.

In this case, we are using a Custom OAuth Data action which interacts with our Authentication API to get authenticated and acquire its JWT token. These are ID Tokens which are valid for 1 hour. They are issued by AWS Cognito.

The Data actions need to be invoked before the call is delivered to an agent which means that any latency incurred during the authentication phase will impact the caller's customer experience.

We have done some testing of our own after implementing a basic call flow to test the Data Actions with authentication included. This is to verify the behaviour of Token reuse is going to be appropriate for our Authentication API capabilities.

What we found was that after making a small number of sequential test calls we did not see 1 token acquired and reused but rather multiple tokens with a small amount of reuse.
In our first set of 8 test calls we found the reuse split as follows: 3 uses, 2 uses, 2 uses and 1 use
In our second set of 12 test calls we found the reuse was as follows: 6 uses, 3 uses, 2 uses and 1 use

The two sets of test calls were made within 30 minutes of each other and there was no overlap in tokens across the two sets.

Our concern is that there is no clear pattern in the reuse and the percentage of reuse is not as high as we would like, as it could certainly have been the same token for all 20 calls based on its hourly TTL.

We'd like to know if there is anything we can do with our configuration to potentially improve the reuse. Or are there any alternative suggestions in OAuth types that would provide better reuse? For example, using OAuth with client_credentials instead of Custom OAuth.

Thanks in advance for your assistance.

Additionally from what we can tell our query and investigation is very similar to these topics:

Hi r.zakariudakis, I really appreciate your attention to both security and end user experience!

Before digging too much into the details of authentication, have you checked the behavior of your data actions in the Data Action Performance Summary view to see if they are performing at an acceptable level?

If you were to load test your data actions for a while you would find that a limited number of authentication tokens would be generated and reused for their 1 hour lifetimes. The number of tokens in use would vary by how busy the Genesys Cloud region is, but would generally be less than 100.

For a busy data action the percentage of data executions that would generate a new Authentication token is very low, likely less than 1%.

As you noted this question has come up quite a few times. I will see about adding this to the data action FAQ.

--Jason

Thanks for your quick response! I have found the performance summary view as you suggested, and will proceed with gathering some more significant call volumes to verify the performance. Do you have any information as to how the data executions would behave for infrequent or low-volume call flows in terms of the percentage that may generate a new Authentication token?

I don't have any easy answers for that. Depending on how low-volume the action is, it could end up having to authenticate most of the time. That may or may not be an issue based on how long it takes to authenticate.

--Jason
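
A toy model of the reuse behaviour discussed in this thread, added here as an illustration and not taken from any poster or from Genesys Cloud. It assumes each execution lands on one of several independent token caches chosen uniformly at random; that routing model, the cache counts and the call rates are all constructed assumptions.

```python
import random

TOKEN_TTL = 3600  # seconds; the thread's ID tokens are valid for 1 hour


def simulate(n_caches, executions, interval_s, seed=1):
    """Return (new_tokens, uses_per_token) for one data action.

    Assumed model: every execution is served by one of n_caches
    independent caches, and a cache authenticates only when it holds
    no unexpired token.
    """
    rng = random.Random(seed)
    expiry = [None] * n_caches    # expiry time of each cache's token
    token_of = [None] * n_caches  # index into uses for each cache's token
    uses = []                     # uses[i] = executions served by token i
    for i in range(executions):
        t = i * interval_s
        c = rng.randrange(n_caches)
        if expiry[c] is None or t >= expiry[c]:
            expiry[c] = t + TOKEN_TTL   # authenticate: new token issued
            token_of[c] = len(uses)
            uses.append(0)
        uses[token_of[c]] += 1
    return len(uses), uses


def new_token_rate(n_caches, executions, interval_s, seed=1):
    """Fraction of executions that had to authenticate first."""
    new_tokens, _ = simulate(n_caches, executions, interval_s, seed)
    return new_tokens / executions


if __name__ == "__main__":
    # 100 caches is an assumed ceiling borrowed from the "generally less
    # than 100" tokens figure in the reply, not a documented value.
    busy = new_token_rate(100, 72000, 0.1)  # 10 executions/s for 2 hours
    quiet = new_token_rate(100, 144, 600)   # 1 execution/10 min for 24 hours
    print(f"busy action:  {busy:.2%} of executions authenticate")
    print(f"quiet action: {quiet:.2%} of executions authenticate")
    # Short burst like the 8 sequential test calls; 4 caches is constructed.
    tokens, uses = simulate(4, 8, 30)
    print(f"8 test calls: {tokens} tokens, uses {sorted(uses, reverse=True)}")
```

Under this model a short test burst spreads unevenly over a few tokens, while the share of executions that authenticate falls as volume rises, so a sample of 8 or 12 calls says little about steady-state reuse.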
