Questions about scopes

WebRTC SDK
1

I have two questions about scopes in WebRTC SDK:

  1. In the documentation for scopes for WebRTC SDK, https://developer.genesys.cloud/api/webrtcsdk/#app-authorization , it says it needs authorization and organization scopes. Not the read-only variants, it needs the read / write scopes. Are these correct? It seems like a lot of power to be giving to a softphone. We'd like to limit what clients do to the bare minimum needed to make our application work.

  2. The SDK makes a request to /api/v2/diagnostics/trace which fails with a 403. The response says "App not authorized to use scope [diagnostic]", but there is no diagnostic scope available to me from the OAuth UI.

2

  1. It should be fine to use the read-only variants. Off the top of my head, I can't think of any data that it actually modifies.

  2. This is something we need to look at. There's an internal only scope for diagnostics. We need to either expose this in a better way or default to an opted out position for diagnostics gathering.

3

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.