Talkdesk® provides users with direct access to all apps installed from Talkdesk AppConnect™ within their instance of Talkdesk. To further streamline this experience, you are required to provide Single Sign-On (SSO) and Single Sign-Out via Talkdesk to your hosted web apps.
When a user launches an app from their Talkdesk environment, they'll be re-directed to the standalone URL you provided when you registered your app's version.
From here, you are able to provide the users with the proper access and user experience in your hosted web apps. See below how to implement these processes.
SSO is accomplished using the OAuth 2.0 Authorization Code grant type.
1 - Register an app
Registering your app will allow you to set up the technical information, including the events callback URL, testing it on your account and eventually publishing it on AppConnect to make it available for customers. If you have already registered your app, please proceed to step 2.
2 - Create the app technical version, setting up the events callback URL
2.1 - Configure the events callback URL - this is the webhook endpoint that allows the app to listen to the events sent by AppConnect.
2.2 - Configure the standalone URL - this is the URL to which the user will be directed to when clicking the icon on the App Manager, triggering the OAuth authentication flow.
2.3 - Configure the Redirect URL - this is the endpoint to which the user will be redirected to once the authentication is successful.
When a user installs an app, an event will be triggered to the events callback URL, containing all required credentials to make use of your OAuth Client. You must store this information on your side, and associate it with the installation ID. You must also store information (for the purposes of the SSO) regarding the
AppConnect passes the installation ID and the user ID parameters when calling the standalone URL webhook. You can use the installation ID to retrieve the OAuth Client information you stored (see step 3). By using this OAuth Client information, you will be able to call Talkdesk's authorization endpoint, which was also sent in the installation event. This will provide you with an authorization code.
When opening an installed app from Talkdesk, the user is redirected to the standalone URL you provided with these query parameters:
Unique identifier of the partner app installation in the user's Talkdesk account
Talkdesk user’s ID initiating SSO
user IDis meant to be used as a hint only, and it must not be used to authenticate Talkdesk users under any circumstance.
By using the OAuth Client (step 4), the token endpoint you saved (step 3), and the authorization code (step 4), you can request an access token so that you can get information about the user (using the
When users are redirected to the standalone URL you provided, you must initiate the SSO process immediately. No additional clicks (i.e. "Login with Talkdesk") must be required from the user.
If the SSO fails for any reason, or if you can’t resolve the Talkdesk user to an authenticated user in your system, you must present an error page with the user's contact.
Talkdesk recommends capturing these errors in your system automatically, so that you can provide proactive troubleshooting services to your customers.
You must handle, on your side, the
Updated 5 months ago