Premium app Oauth Flow

I am having issues (new to purecloud). I need to authenticate the current user https://login.mypurecloud.com/oauth/authorize within my nodejs app loaded via application url in admin/integrations. Problem is I don't know how to get the client id / client secret from within purecloud - the examples have hard coded id/secret. Please point me in the direction of nodejs premium app implementation when launching from apps.purecloud.com.

Further, when using the following code from https://developer.mypurecloud.com/api/tutorials/oauth-auth-code/#nodejs I keep getting an invalid redirect URL response:

    var authvalidation = function(req, res, next) {
        console.log('\n['+req.method+' '+req.url+ ']');
        //if we don't have a session then redirect them to the login page
        if((req.cookies && !(req.cookies.session && sessionMap[req.cookies.session])) &&
                req.url.indexOf("oauth") == -1){
            //redirect the user to authorize with purecloud
            var redirectUri = "https://login.mypurecloud.com/oauth/authorize?" +
                "client_id=" + client_id +
                "&response_type=code" +
                "&redirect_uri_is_fake=true" +
                "&redirect_uri=https://main-voltage-216101.appspot.com/oauth2/callback";

            console.log("redirecting to " + redirectUri);
            res.redirect(redirectUri);

            return;
        }

        //if we do have a session, just pass along to the next http handler
        console.log("have session")
        next();
    }

Here's some docs that should help

Hi Tim, our requirement is to allow a user to install our app without manually creating an oauth client id, we should generate one on the fly somehow. Is it the understanding that each organisation administrator needs to use admin -> integrations -> oauth to generate a client id for their organisation? If so, how is this accessible via the premium app wizard installer? Like I mentioned, the client id is hardcoded into the installer - we need to create one on the user's behalf. If we have this client id accessible we can use it via node etc to make useful calls to the server and allow our app access to the user's data.

You do not create an OAuth client per org/customer installation. You create it once in your own org and hardcode it into your app. It will work for all users of your app, regardless of what org the user is in. The only exception is that OAuth clients do not span regions, so you will need to create an OAuth client in an org in each region and ensure that your app uses the correct one for the region the user wishes to authorize with.


I see, this is very helpful, thank you. How about getting roles for the user in application - I need the current user's user id - how is this accessible?

GET /api/v2/users/me

Thanks Tim! I have another question from our backend engineers in response to my post...

We (CR-X) are developing a premium app for the PureCloud AppFoundry. We perform analysis of a PureCloud customer's (organisation's) call, message and recordings data. Our app situation sounds similar to that of "[nspctsrc](https://developer.mypurecloud.com/forum/u/nspctsrc)" in the forum article:
https://developer.mypurecloud.com/forum/t/premium-app-oauth-flow/3624/6

Following on from this, it sounds as though our single ClientId/ClientSecret login would provide us access to any user/organisation that installs our premium app (in the given region). If that is so, then fine. However we are using the HTTP/RESTful API from our servers to obtain the customer's data, and we have not found a way to specify which customer/organisation we want the data for using any of the URIs of the API. There doesn't appear to be any query or post parameter for that. Or is it that we need to provide that organisation selection in the login somehow? Or is there a URI that sets the organisation for all following URI requests (we haven't found such)?

Or maybe the above is wrong, and that the ClientId used by the install app, merely provides access to the user's current organisational data (at the time of install), and it is the responsibility of the app during the install process to create another ClientID/ClientSecret in the customer/organisation's account to be used for that customer/organisation only (e.g. using /api/v2/oauth/clients)?

> the ClientId used by the install app, merely provides access to the user's current organisational data (at the time of install)

Yes, this grant provides the user access to the organization's data and his own user data.

> it is the responsibility of the app during the install process to create another ClientID/ClientSecret in the customer/organisation's account to be used for that customer/organisation only (e.g. using /api/v2/oauth/clients)?

This is correct. The install process needs to create a new OAuth Client (Client Credentials) and pass those details over to the server. Those new credentials will 'know' and work on the specific organization it was created from.

The wizard sample: https://github.com/MyPureCloud/purecloud-premium-app now includes a sample for creating this additional OAuth client.

When the user logs in, they choose which org they are logging in to, if they have credentials for multiple orgs (very uncommon). Otherwise, they are automatically authenticated with the only org they exist in. After authorizing using the auth code flow, you get the auth code back in your app and your server exchanges that auth code for an access token. This access token identifies the user and org, so whenever an API request is made with that token, PureCloud knows the user and org context.

In this case, that is not correct. This use case is using the Auth Code OAuth grant. A new OAuth client is only created in each org if a Client Credentials OAuth grant is being used, which is not the case here (so far as we've discussed in this topic). For auth code grants, you should create one OAuth client in your own org and hardcode that client into your app so all users in all orgs in a region use that OAuth client id (as I previously described above).
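The auth code flow discussed in this thread, as an added Node.js example (not code from any poster or from the PureCloud tutorial): one hardcoded OAuth client per region, an encoded `redirect_uri`, a `state` value checked on the callback, and the server-side code-for-token request. The region keys, client ids, secret, `REDIRECT_URI`, the `.ie` login host entry and the `/oauth/token` path with Basic auth are assumptions of this example.

```javascript
const crypto = require("crypto");

// One OAuth client per region, created once in the vendor's own org.
// Region keys and client ids are placeholders chosen for this example.
const REGIONS = {
  "us-east-1": { login: "https://login.mypurecloud.com", clientId: "CLIENT_ID_US" },
  "eu-west-1": { login: "https://login.mypurecloud.ie", clientId: "CLIENT_ID_EU" },
};
// Must match a redirect URI registered on the OAuth client exactly (placeholder).
const REDIRECT_URI = "https://app.example.com/oauth2/callback";

function regionConfig(region) {
  if (!Object.prototype.hasOwnProperty.call(REGIONS, region)) {
    throw new Error("unsupported region: " + region);
  }
  return REGIONS[region];
}

// Step 1: send the browser to the authorize endpoint of the chosen region.
function buildAuthorizeUrl(region, state) {
  const cfg = regionConfig(region);
  const url = new URL("/oauth/authorize", cfg.login);
  url.searchParams.set("client_id", cfg.clientId);
  url.searchParams.set("response_type", "code");
  url.searchParams.set("redirect_uri", REDIRECT_URI); // percent-encoded for us
  url.searchParams.set("state", state); // stored in the session, checked in step 2
  return url.toString();
}

function newState() {
  return crypto.randomBytes(16).toString("hex");
}

// Step 2 (callback): accept the code only if state is the one we issued.
function stateMatches(expected, received) {
  if (typeof expected !== "string" || typeof received !== "string" || !expected) return false;
  const a = Buffer.from(expected);
  const b = Buffer.from(received);
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// Step 3: build the server-side code-for-token request (constructed, not sent).
function buildTokenRequest(region, code, clientSecret) {
  const cfg = regionConfig(region);
  const basic = Buffer.from(cfg.clientId + ":" + clientSecret).toString("base64");
  return {
    url: cfg.login + "/oauth/token",
    method: "POST",
    headers: { Authorization: "Basic " + basic, "Content-Type": "application/x-www-form-urlencoded" },
    body: new URLSearchParams({ grant_type: "authorization_code", code, redirect_uri: REDIRECT_URI }).toString(),
  };
}
```

The client secret stays on the server and is only used in step 3; the browser sees the client id and the auth code, never the secret.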
