We are currently working on integrating PureCloud into our CRM, which is a SPA. The idea is to make it possible to place outbound calls from the CRM (the logged-in user may call customers’ phone numbers stored in our DB). The question is whether it is possible to generate a single token for the CRM to enable all logged-in users to place calls. As far as we understood it, all users must log in twice: in the CRM and with the PureCloud credentials… Does it mean that we need to store users’ tokens for PureCloud as well?
This is not possible. Every user must authorize any app that takes actions on their behalf.
Yes, your app must keep track of each user's auth token and use the appropriate token when making requests for a given user. The app will also be responsible for prompting the user to re-authenticate when their token becomes invalid (i.e. expires).
You can read more in the Authorization documentation. You may be interested in the SAML2 Bearer grant if you're using a 3rd party auth provider that supports it. It may allow users to authorize your app without prompting them for credentials, but that's entirely dependent on the 3rd party auth provider.
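The per-user token tracking described in the reply above, as an added example that is not part of the original thread and is not PureCloud's own code. The class, method and field names are hypothetical, the token values are whatever the user's own authorization returned, and treating an HTTP 401 as "token no longer valid" is an assumption about the API.

```javascript
// Added example: one access token per CRM user, never shared between users.
// All names are hypothetical and not taken from any PureCloud SDK.
class ReauthRequired extends Error {
  constructor(userId, reason) {
    super(`user ${userId} must re-authorize: ${reason}`);
    this.name = "ReauthRequired";
    this.userId = userId;
    this.reason = reason;
  }
}

class UserTokenStore {
  // skewMs: treat a token as expired slightly early so a request does not
  // leave with a token that lapses while in flight.
  constructor(skewMs = 30000) {
    this.skewMs = skewMs;
    this.tokens = new Map(); // CRM user id -> { accessToken, expiresAt }
  }

  // Record the token obtained when this user authorized the app.
  save(userId, accessToken, expiresInSeconds, now = Date.now()) {
    this.tokens.set(userId, { accessToken, expiresAt: now + expiresInSeconds * 1000 });
  }

  // Build the Authorization header for exactly this user. There is no
  // fallback to a shared or other user's token: a miss means re-auth.
  authHeaderFor(userId, now = Date.now()) {
    const entry = this.tokens.get(userId);
    if (!entry) throw new ReauthRequired(userId, "no token on record");
    if (now >= entry.expiresAt - this.skewMs) {
      this.tokens.delete(userId); // do not keep dead credentials around
      throw new ReauthRequired(userId, "token expired");
    }
    return { Authorization: `Bearer ${entry.accessToken}` };
  }

  // Pass the HTTP status of each API response. Assumption: 401 means the
  // token was rejected (revoked or expired early), so drop it and re-prompt.
  handleResponseStatus(userId, status) {
    if (status === 401) {
      this.tokens.delete(userId);
      throw new ReauthRequired(userId, "token rejected by API");
    }
    return status;
  }
}
```

The caller catches `ReauthRequired` and sends that one user back through authorization; other users' entries are untouched.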