Use Authorised code at Backend Sevice

Ajay_Mittal · June 30, 2020, 8:04am

Hi,

I was trying to make voicemail API calls and faced permission issue because Client Credential can not access an API which requires user context.
More details: https://developer.mypurecloud.com/forum/t/permission-for-voicemail-media-api/8076/2

Now I am trying to use the Authorised code grant at backed but I am not very sure how that redirect uri is going to work for https://login.mypurecloud.ie/oauth/authorize api.

Cause at backend I won't be authorizing using any login username and password.

At the backend, I just have the oAuth credentials with Grant type "Authorised code grant" and I want to get the access token and make purecloud voicemail API calls.

Can you point me in the right direction?
Our services are in coded in Go

Jerome.Saint-Marc · June 30, 2020, 9:16am

Hello,

The Authorization Code grant flow does not work like this.
It requires a user to authenticate (needs login with username and password) - Grant - Authorization Code.

If you have a server-side application that doesn't involve users (I mean users accessing an app and authenticating on PureCloud - so that Platform API requests can be made on their behalf/with their credentials), then your only choice is the Client Credentials Grant.

If Client Credentials grant does not allow what you need (in terms of API endpoint), you would have to request new features and share your use case at https://purecloud.ideas.aha.io/ideas

As an example:

A user opens his web browser/client to access a resource (web page/url) managed/served by a Server App (server-side code).
The Server App needs to make Platform API requests on behalf of the user, and determines that it doesn't have an access token for that user.
The Server App requests the user to log on PureCloud (it sends a request to redirect to login.mypurecloud.ie/oauth/authorize).
The web browser/client receiving a request to redirect to login.mypurecloud.ie/oauth/authorize makes a request to that page/url (served by PureCloud).
The user enters his username/password in the displayed web page (served by PureCloud) and login.
If PureCloud authorizes the user, it sends a redirect to the user with a target/redirect url pointing to a page/url served by your Server App. The target/redirect url also contains the authorization code provided for this user in the query parameters.
The web browser receiving a request to redirect to "https://your.server-app.com/onauthorized.html?code=ABCD" makes a request to that page/url.
The Server App managing/serving that page extracts the code from the query parameters, and can make a request to PureCloud (server-side) to obtain an access token out of this authorization code (login.mypurecloud.ie/oauth/token). It can then sends Platform API requests to PureCloud (using this access token) - requests on behalf of the user who signed in.

Hope this clarifies.

Regards,

system · July 31, 2020, 9:17am

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.