Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
429
Views
0
Helpful
5
Replies

Query regarding OAuth authentication permission

sandiban
Cisco Employee
Cisco Employee

‎08-05-2022 03:54 AM

Query from @Laurens Peschko over #webex4devs space - 

Hi, it's not possible to give a bot org permissions, right? In order to do that (say i want a script that checks memberships etc) i would have to use an oauth integration to generate an access token that is bound to a user from that org?

Labels:
0 Helpful
5 Replies 5

Raffaele Lagana
Cisco Employee
Cisco Employee

‎08-05-2022 04:00 AM - edited ‎08-05-2022 04:01 AM

To add to this,

By 'org permissions', do you mean Admin rights within the org? That's not possible for a bot.

In general for admin rights, you would be best served to use an integration as Sandip described. You would then just need the Admin user to authorize that integration, so that it can assign the admin scopes to the access token (if a regular user authorizes an integration that has admin scopes, those will be ignored as the user doesn't have the necessary rights for them. Integration will still authorize, but will just assign the scopes that the user has rights/licenses to).

 

Also, for your example with memberships, note that a bot can check the memberships of a space/room they are part of. There is no restriction there. But if the bot wants to check messages in the space, it can only see the messages that it is @mentioned in a group space, can't see any other messages. It can see all messages in a direct space though.

0 Helpful

pescla
Spotlight
Spotlight
In response to Raffaele Lagana

‎08-05-2022 04:02 AM

thanks, so i will proceed and create a new admin user that has the needed permissions, and then generate a token with that user

0 Helpful

pescla
Spotlight
Spotlight
In response to pescla

‎08-05-2022 04:18 AM

Actually, i just realized i dont need to bother with creating a compliance admin, i can just create a bot that is a member in all spaces where my integration is needed, although maybe a service webex user would be best practice?

0 Helpful

Raffaele Lagana
Cisco Employee
Cisco Employee
In response to pescla

‎08-05-2022 04:25 AM

It really depends what your exact goal is. If you're just trying to get memberships of spaces, then you can use the bot and add it to all necessary spaces. A Compliance officer user (different role to the Admin role) would also be able to list all memberships of all spaces within an org, without needing to be part of those spaces. I guess it depends what suits you best.

0 Helpful

sandiban
Cisco Employee
Cisco Employee

‎08-05-2022 03:56 AM

Hi Laurens,
You're actually right.
There should be a valid User on your Org who can add the integration under his/her profile, by creating an Integration from Webex Developer Portal.
Just a reference to FAQs for better understanding - https://developer.webex.com/docs/frequently-asked-questions#:~:text=Does%20a%20real%20user%20need%20to%20authorize%20an%20Integration%2C%20or%20can%20the%20authorization%20be%20completed%20programmatically%3F

Kind regards,
Sandip

0 Helpful
Customers Also Viewed These Support Documents