This flow is intended for confidential clients, such as traditional web applications with a secure backend that can safely store a client secret.
The process is divided into two main parts:
- Request User Authorization
- Exchange Authorization Code for an Access Token
Your application must redirect the user to the eGain authorization endpoint (listed in your client application's metadata) to obtain the user's authorization code.

Method: GET

Endpoint: Your Authorization URL (from your client application's metadata).
- Example Base Authorization URL for a User:
  https://ai.egain.cloud/system/auth/TMPRODB88619984-U/oauth2/authorize
- Example Base Authorization URL for a Customer:
  https://ai.egain.cloud/system/auth/TMPRODB88619984-C/oauth2/authorize

Query Parameters:
| Parameter | Relevance | Description |
|---|---|---|
| client_id | Required | The Client ID for your application. |
| response_type | Required | Must be set to `code`. |
| redirect_uri | Required | The URL where the user will be redirected. This must exactly match one of the URLs you registered. |
| scope | Required | A space-separated list of scopes. You can include any combination of scopes assigned to your client application in a single request. This allows you to generate one multi-purpose token for your entire application, or separate tokens for specific tasks, depending on your architectural needs. |
| state | Recommended | An opaque value used to prevent cross-site request forgery attacks. |

- Example Full Authorization URL for a User:
https://ai.egain.cloud/system/auth/TMPRODB88619984-U/oauth2/authorize?client_id=b4b2c1d9-4c19-4e8a-8e7a-9a0b1c2d3e4f&response_type=code&redirect_uri=https%3A%2F%2Foauth.pstmn.io%2Fv1%2Fcallback&scope=core.aiservices.manage&state=a1b2c3d4e5f67890
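
The `state` parameter only prevents cross-site request forgery when the application generates an unguessable value per request, binds it to the user's session, and checks it on the callback. The Python below is an added example, not eGain code: the `session` dict stands in for your framework's server-side session, the function names are hypothetical, and the `error` callback parameter is the standard one from RFC 6749 rather than something this page documents.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Values copied from the page's examples; take the real URL from your client metadata.
AUTHORIZE_URL = "https://ai.egain.cloud/system/auth/TMPRODB88619984-U/oauth2/authorize"
CLIENT_ID = "b4b2c1d9-4c19-4e8a-8e7a-9a0b1c2d3e4f"
REDIRECT_URI = "https://oauth.pstmn.io/v1/callback"


def build_authorization_url(session: dict, scopes: list[str]) -> str:
    """Create a fresh state, bind it to the session, and return the redirect URL."""
    state = secrets.token_urlsafe(32)  # unguessable, one per authorization attempt
    session["oauth_state"] = state
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",
        "redirect_uri": REDIRECT_URI,  # must exactly match a registered URL
        "scope": " ".join(scopes),     # space-separated list
        "state": state,
    }
    return f"{AUTHORIZE_URL}?{urlencode(params)}"


def handle_callback(session: dict, callback_url: str) -> str:
    """Return the authorization code only if the returned state matches the session."""
    query = parse_qs(urlparse(callback_url).query)
    expected = session.pop("oauth_state", None)  # single use: a replayed callback fails
    returned = query.get("state", [""])[0]
    # Constant-time comparison; reject when no state was ever issued for this session.
    if not expected or not hmac.compare_digest(expected.encode(), returned.encode()):
        raise ValueError("state mismatch: callback is not tied to this session")
    if "error" in query:  # standard OAuth 2.0 error response (RFC 6749), assumed here
        raise ValueError(f"authorization failed: {query['error'][0]}")
    code = query.get("code", [""])[0]
    if not code:
        raise ValueError("callback carried no authorization code")
    return code
```
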
Once your application receives the authorization code, it exchanges the code for an access token at the token endpoint listed in your client application's metadata.

Method: POST

Endpoint: Your Token URL (from your client application's metadata).
- Example Base Token URL for a User:
  https://ai.egain.cloud/system/auth/TMPRODB88619984-U/oauth2/token
- Example Base Token URL for a Customer:
  https://ai.egain.cloud/system/auth/TMPRODB88619984-C/oauth2/token

Headers:
| Header | Value |
|---|---|
| Content-Type | application/x-www-form-urlencoded |

Body Parameters (application/x-www-form-urlencoded):
| Parameter | Relevance | Description |
|---|---|---|
| grant_type | Required | Must be set to `authorization_code`. |
| code | Required | The authorization code you received. |
| redirect_uri | Required | The same redirect_uri used in the initial authorization request. |
| client_id | Required | The Client ID for your application. |
| client_secret | Required | The Client Secret for your application. |

- Example Full Token cURL for a User:
```bash
curl --location --request POST 'https://ai.egain.cloud/system/auth/TMPRODB88619984-U/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=authorization_code' \
--data-urlencode 'code=def456-gh-ijkl-789-mnopqr' \
--data-urlencode 'redirect_uri=https://oauth.pstmn.io/v1/callback' \
--data-urlencode 'client_id=b4b2c1d9-4c19-4e8a-8e7a-9a0b1c2d3e4f' \
--data-urlencode 'client_secret=aBcDeFgHiJkLmNoPqRsTuVwXyZ12345_67890-AbCdEfGh'
```

Next Steps: