Adding OAuth - Part 3: Managing the authorization flow

Have more questions? Submit a request

8 Comments

  • Jordy Mont-Reynaud
    Comment actions Permalink

    Awesome tutorial, again. Super nitpicky thing but there's a typo near the top of the page: "Anasa" instead of "Asana": "Redirect the user to the Anasa authorization page"

    0
  • Charles Nadeau
    Comment actions Permalink

    Thanks! Typo fixed.

    0
  • Ed Vinyard
    Comment actions Permalink

    The suggested final OAuth redirect no longer works.  Sending a user to 


    https://acme.zendesk.com/agent/tickets/?token=asdf


    immediately redirects them to


    https://uship.zendesk.com/agent/tickets/


    discarding the OAuth token from the query string.


    A workaround that used to work, redirecting to a static asset included with an App (e.g., "postauth.html") used to work, but stopped some time in the past week or so when Zendesk switched from hosting those assets on the same domain to an entirely different one.


    For me, assertURL("postauth.html") used to return something like


    /54321/assets/987654321-1a2b3c/postauth.html


    Now it returns


    https://54231.apps.zdusercontent.com/54321/assets/987654321-1a2b3c/postauth.html


    Because that's not in the same domain, it doesn't work for the OAuth redirect.


    Any suggestions on how to actually get OAuth to work in my app?  


    Any suggestions on how to get it to work so Zendesk won't just break it without announcement again in a few months?


     

    0
  • Vishal Mittal
    Comment actions Permalink

    This example is not working for me. When I redirect from my server in "auth/handle_decision" using 

    "redirect('https://your_subdomain.zendesk.com/agent/tickets/{}'.format(request.query.state))"

    , it only redirects the iframe in which my app is running (inside zendesk), thereby loading the zendesk agent ticket within the iframe of the agent ticket. 

    Any suggestions? Thanks.

     

     

     

     
    0
  • Bryan - Community Manager
    Comment actions Permalink

    Hi Vishal. DId you resolve this? The code that you reference is supposed to bring up a ticket in the agent window. Can you give more details or a screen shot of what's happening and what's expected?

    0
  • Vishal Mittal
    Comment actions Permalink

    Hi Bryan, just seeing your comment. The problem is not resolved. Please see attached screenshot. When I redirect to the ticket, the zendesk ticket interface shows up within the iframe I have created within the zendesk app.

    0
  • Vishal Mittal
    Comment actions Permalink

    Another problem is that the example above suggests that domain be hardcoded in the server app. I am building a client to serve multiple customers with different domains. How do I handle that situation?

    0
  • Matthew Cobb
    Comment actions Permalink

    Just a heads up, for this example server, Chrome emits a console Warning about cross site settings:

    A cookie associated with a cross-site resource at ... my server ...  was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032 

    0

Please sign in to leave a comment.

Powered by Zendesk