OAuth with Multi Org Support

Hi

I have an OAuth flow within my application using Authorization Code Grant. That all works great: a user hits the link and they log in at /oauth/authorize? with all the right query parameters. The redirect then hits my app and I can do automated onboarding or just log the user in etc. So all good.

I now though have a client who logs in using PureCloud as their user is associated with multiple organizations and they wish to be able to select during the sign in process which organization they are logging in to.

I can't see how this is supported in the OAuth API. It was suggested to use HTTP requests, but I can't figure out what URL the user would initially hit to preserve the OAuth code request and then follow the redirect etc. to get my access token.

Is this possible? I won't know the organization in advance so will need to preserve the query params, all the way through the organization selection and the login.

I guess I'm hoping there is some sort of /authenticate-adv/org/oauth/authorize? URL that I'm just not seeing in the documentation.

Any guidance/advice or clarification on the feasibility would be greatly appreciated.

Thanks in advance
Stewart

Basically, that's none of your business. You redirect the unauthorized user to the login service as normal. When the user logs in, if they have org trust orgs available to them, they'll get to choose which org to log in to after entering their credentials but before being redirected back to your app; this is a feature of the Genesys Cloud login screen. I can't find any doc pages that document that flow, but the screen that shows when you have paired orgs available to you looks like this:

When you get an auth token, you can tell if the user is in their home org or not by calling GET /api/v2/users/me?expand=token and comparing the values of token.organization.id and token.homeOrganization.id to see if they match. No match means the user logged in to a trusted org.
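The home-org check described in the answer above, as an added example that is not part of the original post or Genesys code. It binds the app session to the org the token was issued in and fails closed when the token expansion is missing; the API host, the helper names, the `onboarded_orgs` allow-list and the sample ids are assumptions made for illustration.

```python
import json
import urllib.request

# Assumption: region-specific API host; the thread does not name one.
API_BASE = "https://api.mypurecloud.com"

def fetch_me(access_token, api_base=API_BASE):
    """Call GET /api/v2/users/me?expand=token with the user's bearer token."""
    req = urllib.request.Request(
        f"{api_base}/api/v2/users/me?expand=token",
        headers={"Authorization": f"Bearer {access_token}"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def resolve_login_org(me):
    """Return (org_id, is_home_org) for the org the token was issued in.

    Raises ValueError when either id is absent, so the caller fails closed
    instead of silently treating the login as a home-org login.
    """
    token = me.get("token") or {}
    org_id = (token.get("organization") or {}).get("id")
    home_id = (token.get("homeOrganization") or {}).get("id")
    if not org_id or not home_id:
        raise ValueError("token expansion missing organization ids")
    return org_id, org_id == home_id

def tenant_for_session(me, onboarded_orgs):
    """Bind the session to the org logged in to, never to the home org by default.

    onboarded_orgs is a hypothetical set of org ids this app has onboarded.
    """
    org_id, is_home = resolve_login_org(me)
    if org_id not in onboarded_orgs:
        raise PermissionError(f"org {org_id} is not onboarded")
    return {"user_id": me.get("id"), "org_id": org_id,
            "trusted_org_login": not is_home}

# Constructed sample responses (ids are made up), using the fields named above.
HOME_LOGIN = {"id": "u-1", "token": {"organization": {"id": "org-A"},
                                     "homeOrganization": {"id": "org-A"}}}
TRUSTED_LOGIN = {"id": "u-1", "token": {"organization": {"id": "org-B"},
                                        "homeOrganization": {"id": "org-A"}}}

if __name__ == "__main__":
    for sample in (HOME_LOGIN, TRUSTED_LOGIN):
        print(tenant_for_session(sample, {"org-A", "org-B"}))
```

In a real callback handler, pass the result of `fetch_me(access_token)` to `tenant_for_session` after the code exchange, and key all tenant-scoped data on the returned `org_id`.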

That's really great, thanks Tim for clarifying.
