Authentication is handled based on four distinct personas. The persona determines which OAuth 2.0 flow you must use:
- User: An eGain agent or user. Uses Authorization Code flow or PKCE.
- Customer: A logged-in end-user. Uses Authorization Code flow or PKCE.
- Anonymous Customer: A non-logged-in end-user. Uses Client Credentials flow.
- Client App: The application itself (server-to-server). Uses Client Credentials or On-Behalf-Of flow.
- External Identity: Users authenticated via third-party services (Okta, Azure). Uses Token Exchange Flow.
Important: Matching Flows to Scopes
To avoid authorization errors, your flow must match the persona:
- Client Credentials: Use for Application scopes.
- User/Customer Flows: Use for Delegated scopes.
- On-Behalf-Of (OBO): A hybrid flow for OBO delegated scopes.
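The persona-to-flow and flow-to-scope rules above, checked in code before any token request, plus the PKCE S256 challenge that the User and Customer flows use. This is an added example, not eGain's own SDK or API: the flow and scope-family names, the `client_id`, `redirect_uri` and authorization endpoint are assumed placeholders, and Token Exchange is left unchecked because the page states no scope pairing for it.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode

# Persona -> OAuth 2.0 flows the page allows for it.
PERSONA_FLOWS = {
    "user": {"authorization_code", "pkce"},
    "customer": {"authorization_code", "pkce"},
    "anonymous_customer": {"client_credentials"},
    "client_app": {"client_credentials", "on_behalf_of"},
    "external_identity": {"token_exchange"},
}
# Flow -> scope family it must be paired with. Token Exchange has no
# documented pairing on the page, so it is absent here and not checked.
FLOW_SCOPE_FAMILY = {
    "client_credentials": "application",
    "authorization_code": "delegated",
    "pkce": "delegated",
    "on_behalf_of": "obo_delegated",
}

def check_flow(persona: str, flow: str, scope_family: str) -> bool:
    """Reject persona/flow and flow/scope mismatches before any token request."""
    if flow not in PERSONA_FLOWS.get(persona, set()):
        raise ValueError(f"persona {persona!r} may not use flow {flow!r}")
    expected = FLOW_SCOPE_FAMILY.get(flow)
    if expected is not None and expected != scope_family:
        raise ValueError(f"flow {flow!r} needs {expected} scopes, got {scope_family}")
    return True

def pkce_challenge(verifier: str) -> str:
    """S256 code_challenge: base64url(sha256(verifier)) without '=' padding (RFC 7636)."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def authorize_url(persona, flow, scopes, client_id, redirect_uri, endpoint):
    """Authorization request for a User/Customer persona; returns (url, verifier)."""
    check_flow(persona, flow, "delegated")
    params = {"response_type": "code", "client_id": client_id,
              "redirect_uri": redirect_uri, "scope": " ".join(scopes),
              "state": secrets.token_urlsafe(16)}  # CSRF binding for the callback
    verifier = None
    if flow == "pkce":
        # 32 random bytes -> 43 base64url chars; keep the verifier for the token call,
        # only the S256 challenge leaves the client in the front channel.
        verifier = base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode("ascii")
        params["code_challenge"] = pkce_challenge(verifier)
        params["code_challenge_method"] = "S256"
    return f"{endpoint}?{urlencode(params)}", verifier
```

The `pkce_challenge` function reproduces the RFC 7636 Appendix B test vector, so it can be checked against a known value before use.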
Next Steps:
- Choose a specific flow based on your persona:
- Make Authenticated Requests