cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
490
Views
0
Helpful
5
Replies

Query regarding OAuth authentication permission

sandiban
Cisco Employee
Cisco Employee

Query from @Laurens Peschko over #webex4devs space - 

Hi, it's not possible to give a bot org permissions, right? In order to do that (say i want a script that checks memberships etc) i would have to use an oauth integration to generate an access token that is bound to a user from that org?

5 Replies 5

Raffaele Lagana
Cisco Employee
Cisco Employee

To add to this,

By 'org permissions', do you mean Admin rights within the org? That's not possible for a bot.

In general for admin rights, you would be best served to use an integration as Sandip described. You would then just need the Admin user to authorize that integration, so that it can assign the admin scopes to the access token (if a regular user authorizes an integration that has admin scopes, those will be ignored as the user doesn't have the necessary rights for them. Integration will still authorize, but will just assign the scopes that the user has rights/licenses to).

 

Also, for your example with memberships, note that a bot can check the memberships of a space/room they are part of. There is no restriction there. But if the bot wants to check messages in the space, it can only see the messages that it is @mentioned in a group space, can't see any other messages. It can see all messages in a direct space though.

thanks, so i will proceed and create a new admin user that has the needed permissions, and then generate a token with that user

Actually, i just realized i dont need to bother with creating a compliance admin, i can just create a bot that is a member in all spaces where my integration is needed, although maybe a service webex user would be best practice?

It really depends what your exact goal is. If you're just trying to get memberships of spaces, then you can use the bot and add it to all necessary spaces. A Compliance officer user (different role to the Admin role) would also be able to list all memberships of all spaces within an org, without needing to be part of those spaces. I guess it depends what suits you best.

sandiban
Cisco Employee
Cisco Employee

Hi Laurens,
You're actually right.
There should be a valid User on your Org who can add the integration under his/her profile, by creating an Integration from Webex Developer Portal.
Just a reference to FAQs for better understanding - https://developer.webex.com/docs/frequently-asked-questions#:~:text=Does%20a%20real%20user%20need%20to%20authorize%20an%20Integration%2C%20or%20can%20the%20authorization%20be%20completed%20programmatically%3F

Kind regards,
Sandip