Adding OAuth - Part 3: Managing the authorization flow


10 Comments

  • Jordy Mont-Reynaud

    Awesome tutorial, again. Super nitpicky thing but there's a typo near the top of the page: "Anasa" instead of "Asana": "Redirect the user to the Anasa authorization page"

  • Charles Nadeau

    Thanks! Typo fixed.

  • Ed Vinyard

    The suggested final OAuth redirect no longer works. Sending a user to

    https://acme.zendesk.com/agent/tickets/?token=asdf

    immediately redirects them to

    https://uship.zendesk.com/agent/tickets/

    discarding the OAuth token from the query string.

    A workaround, redirecting to a static asset included with an App (e.g., "postauth.html"), used to work, but stopped some time in the past week or so when Zendesk switched from hosting those assets on the same domain to an entirely different one.

    For me, assertURL("postauth.html") used to return something like

    /54321/assets/987654321-1a2b3c/postauth.html

    Now it returns

    https://54231.apps.zdusercontent.com/54321/assets/987654321-1a2b3c/postauth.html

    Because that's not in the same domain, it doesn't work for the OAuth redirect.

    Any suggestions on how to actually get OAuth to work in my app?

    Any suggestions on how to get it to work so Zendesk won't just break it without announcement again in a few months?

  • Vishal Mittal

    This example is not working for me. When I redirect from my server in "auth/handle_decision" using

    redirect('https://your_subdomain.zendesk.com/agent/tickets/{}'.format(request.query.state))

    it only redirects the iframe in which my app is running (inside Zendesk), thereby loading the Zendesk agent ticket within the iframe of the agent ticket.

    Any suggestions? Thanks.

  • Bryan - Community Manager

    Hi Vishal. Did you resolve this? The code that you reference is supposed to bring up a ticket in the agent window. Can you give more details or a screenshot of what's happening and what's expected?

  • Vishal Mittal

    Hi Bryan, just seeing your comment. The problem is not resolved. Please see attached screenshot. When I redirect to the ticket, the Zendesk ticket interface shows up within the iframe I have created within the Zendesk app.

  • Vishal Mittal

    Another problem is that the example above suggests that the domain be hardcoded in the server app. I am building a client to serve multiple customers with different domains. How do I handle that situation?

  • Matthew Cobb

    Just a heads up, for this example server, Chrome emits a console Warning about cross site settings:

    A cookie associated with a cross-site resource at ... my server ...  was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032 

  • Raghav Mishra

    Hi Charles Nadeau 
    Great tutorial, I've implemented something similar on React and Node. We're planning to push one of our apps to production where our custom portal performs an Authorization grant flow. Everything works smoothly, but we cannot ask our customers to "Grant permissions" every time by allowing our app to use Zendesk. Is there a way they just log in (on the Zendesk login page in the code grant flow) and we get the code once they log in? We just want to skip the part where they Accept and Decline our app to access their Zendesk.

  • Greg - Community Manager

    Hi Raghav! Any user auth flow like this will need to be authenticated each session, as we do not support refresh tokens at this time. I will raise this with the team responsible for that to see if this is something that they will investigate in the future!

