Incremental Authorization
Welcome to this week's post in the Kaizen series. In this post, we will discuss Incremental Authorization.
What is Incremental Authorization?
Incremental Authorization is an OAuth strategy that allows a client to request specific authorization scopes as and when needed. This means that the client does not have to request every possible scope that might be needed upfront, which might result in a bad user experience. Incremental Authorization is considered a best practice in Oauth Authorization Request as:
- Users are not overloaded with scopes in the initial stage
- Users can control the amount of data they share
Who can use Incremental Authorization?
Server-based applications can make use of incremental authorization
Incremental Authorization Flow
Incremental Authorization FlowWhen a user first signs into the application, the application requests only the essential permissions needed. The user may trigger features that require additional permissions as they engage with the application. When the application identifies this, it follows the below steps:
Initiation Request (Step 1: Get Scope Enhancement Token )
The application makes a POST request to the endpoint /oauth/v2/token/scopeenhance, including the existing refresh token as a parameter. This request is aimed at obtaining a scope enhancement token, which is necessary for requesting additional permissions.
Scope Enhancement Request (Step 2)
After receiving the scope enhancement token, the app then makes a request to the endpoint /oauth/v2/token/addextrascope. In this request, it specifies which additional scopes are needed.
User Consent
The user is presented with a consent screen that details the new permissions being requested. This screen will only show the new permissions required and not those already granted.
If the user approves these new permissions, the refresh token (used in Step 1) and its associated access tokens will be updated to include the newly granted scopes.
Success Response
Upon successful approval by the user, a success response is returned, confirming that the additional scopes have been appended to the existing refresh token.
When is Incremental Authorization Useful?
Let us take a look at two scenarios where incremental authorization is particularly useful.
Scenario 1
Zylker Marketing, a marketing agency, utilizes a custom in-house marketing tool that integrates with Zoho CRM. Initially, the tool has permission to read Leads in Zoho CRM. However, as the marketing team expands their operations, they realize that they require to create new Contacts based on sign-ups and retrieve existing deals data for analysis. The tool is then revamped to create Contacts and view Deals data.
When a marketer who uses the tool tries to create a Contact for the first time, the incremental authorization method is called in the backend. The marketer is redirected to the Zoho login page. Once logged in, the marketer is prompted to give access to the new resources. This enhances the refresh token, and the tool can continue using the same refresh token.
Scenario 2
Consider that you want to use a new Zoho CRM API that just got released as part of the version release. Your refresh token does not have the required scope to access the new API. You can make use of incremental authorization to append the required scope to the same refresh token in these cases.
How can you use Incremental Authorization?
Step 1: Initiation Request
First, you need to send a request to get the scope enhancement token along with the refresh token for which the extra access is required.
Request format
POST {accounts-url}/oauth/v2/token/scopeenhance ?grant_type=update_scopes_token &client_id={client_id} &client_secret={client_secret} &refresh_token={refresh_token} |
The accounts-url is specific to the location (i.e., datacenter) where the client is registered. See all the server-specific URLs.
Request Parameters
You should send the initiation request with the below parameters. All parameters are mandatory
- grant_type: Specify the value as "update_scopes_token".
- client_id: Specify the client-id obtained from the API console.
- client_secret: Specify client-secret obtained from the API console.
- refresh_token: Specify the refresh token to which the additional scopes should be appended.
You will receive a response in the below format
{ "access_token": "{scope_enhancement_token}", "token_type": "update_scope", "expires_in": 600 } |
The scope_enhancement_token received in this response should be passed as a parameter in the next step - scope enhancement request.
Step 2: Scope enhancement request
This request appends the refresh token with additional scopes.
Request format
GET {accounts-url}/oauth/v2/token/addextrascope ?response_type=update_scopes &client_id={client_id} &redirect_uri={redirect_uri} &scope={required_scopes} &enhance_token={scope_enhancement_token} &logout=true |
Parameters
- response_type: Specify the value as "update_scopes".
- client_id: Specify the client-id obtained from the API console.
- redirect_uri : Specify the URI to which the authorization server will redirect the browser back with success or failure response. It has to be the same URI which is provided when registering the app in the API console.
- scope: Specify the scopes of the additional resources for which access is required.
- enhance_token: Scope enhancement token received in the response of the previous initiation request.
- logout: Specify as true if the user's session should be terminated after the permission is granted or rejected.
When this request is called, the application redirects the user to the Zoho Login page, and the user enters the Zoho credentials. Then, the permissions required are displayed once the user is authenticated.
The refresh token will be appended with the additional scopes, and a success response will be returned when the user grants permission. The user will be redirected to the redirect_uri with params status as success and scope_enhanced as true. The user can continue using the same refresh token can be used. If the user rejects the authentication, the system returns a failure response. The user will be redirected to the redirect_uri with params error as access_denied.
You will receive a response in the below formats:
Success Response
{redirect_uri}?status=success&scope_enhanced=true |
Failure Response
{redirect_uri}?error=access_denied |
We hope you found this post useful. We will meet you next week with another interesting topic!
If you have any questions, let us know in the comment section.
Cheers!
Previous Kaizen: Kaizen #167 - Configuration and Initialization of Zoho CRM Python SDK (V7) for different client types |
Kaizen Collection: Directory | Help document link: Incremental Authorization
Access your files securely from anywhere
New to Zoho Recruit?
Zoho Developer Community
New to Zoho LandingPage?
Zoho LandingPage Resources
New to Zoho Survey?
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho Marketing Plus?
Everything you need to run your marketing
New to Zoho Marketing Plus?
Everything you need to run your marketing
New to Bigin?
Topic Participants
Mable Mary M P
Sticky Posts
Client Script | Update - Introducing Commands in Client Script!
Have you ever wished you could trigger Client Script from contexts other than just the supported pages and events? Have you ever wanted to leverage the advantage of Client Script at your finger tip? Discover the power of Client Script - Commands! CommandsKaizen #165 : How to call Zoho CRM APIs using Client Script
Welcome back to another exciting Client Script post! In this post, we will discuss one of the most frequently asked questions: How do you call Zoho CRM APIs from Client Scripts? In this kaizen post, 1. Ways to make calls to Zoho CRM APIs using ClientKaizen#162 : Add Tags and Open Pre-filled Email Drafts via Client Scripts
Hello everyone! Welcome to another informative Kaizen post. In this post, let us see how to accomplish the following using Client Script. 1. How to auto-tag a record based on field update? 2. How to Open a pre-filled email draft This post will provideExtension Pointers - JS SDK series #4: Managing data from a widget using ZOHO.CRM.HTTP
Handling and managing the data between two applications is a major factor for an efficient business. There are a variety of ways to handle data between Zoho CRM and other third-party applications. You can use deluge CRM tasks, create connectors, use APIKaizen #152 - Client Script Support for the new Canvas Record Forms
Hello everyone! Have you ever wanted to trigger actions on click of a canvas button, icon, or text mandatory forms in Create/Edit and Clone Pages? Have you ever wanted to control how elements behave on the new Canvas Record Forms? This can be achieved
New to Zoho TeamInbox?
Zoho TeamInbox Resources
Zoho CRM Plus Resources
Zoho Books Resources
Zoho Subscriptions Resources
Zoho Projects Resources
Zoho Sprints Resources
Qntrl Resources
Zoho Creator Resources
Zoho CRM Resources
Design. Discuss. Deliver.
Zoho Show Resources
Get Started. Write Away!
Writer is a powerful online word processor, designed for collaborative work.
Zoho CRM コンテンツ
-
オンラインヘルプ
-
Webセミナー
-
機能活用動画
-
よくある質問
-
Ebook
-
-
Zoho Campaigns
- Zoho サービスのWebセミナー
その他のサービス コンテンツ
Nederlandse Hulpbronnen
ご検討中の方
Recent Topics
Recurring Events Not Appearing in "My Events" and therefore not syncing with Google Apps
We use the Google Sync functionality for our events, and it appears to have been working fine except: I've created a set of recurring events that I noticed were missing from my Google Apps calendar. Upon further research, it appears this is occurringHide Admin Only settings
It would be nice if the setup menu items and settings weren't visible to non-admins. Seems like there is some confusion with users going through setup pages but not having permissions and getting an invalid permission error.Zoho Desk - Feature Request - Add more social channels on Community user profile
Hi Team, While updating my profile here I noticed that it is only possible to add Facebook and Twitter social links. 1. Please consider adding at least LinkedIn and if possible, other popular channels. 2. Please consider renaming Twitter field name toHow to identify a ticket merge through Webhooks?
The ticket merge functionality moves all Threads and Comments from one Ticket to another. I want to identify this action to correctly apply these changes on my application end. Currently, my application only receives a Ticket_Update notification for theNative SMS Integration in Zoho Desk
I’d like to request the addition of native SMS integration within Zoho Desk. While email and chat are still widely used, SMS has become a critical channel for fast, effective customer support, especially for urgent or time-sensitive issues. At the moment,need a third party to fix email authentication dns records
at my wit's end - zoho began giving me spf, dmarc, dkim errors two weeks ago fussed with it since and now it seems dkim is the only problem and when i added the dkim record with the key from zoho mail it still wont work tired of this, need someone whoAnnouncing Early Access to "Zoho CRM for Everyone" — A new and exciting update to Zoho CRM
We are delighted to announce an Early Access to Zoho CRM for Everyone— a truly democratic approach to managing a CRM, gift-wrapped in an exciting and intuitive user interface. Here, multiple teams across an organization can coordinate among each otherShare Projects with Vendor Zoho Projects Portal
I have a vendor/reseller of my services. They private label my services. My portal is branded. Can an individual project be "shared" or the data sync with another portal? I believe that this can be done with CRM.Email template for customer notification on ticket reply is not being used
I've set up an email template for notify contact up upon receiving a reply in ticket. When I send a reply to the ticket, it is not using that email template. It just sends a normal looking email. How do I make it so that the email template is being used?Zoho Books - Sales Person Information
Hi Team, On Invoices, Quotes, etc... I can include the Sales Person, but it only shows their name and not their email or phone number. It would be great to have place on invoice templates where we can manage what sales person information should be showsFeature Request – Support for Stripe Direct Debit for Canadian Customers in Zoho Books
I’d like to request support for Stripe Direct Debit as a payment option for Canadian customers within Zoho Books. Currently, while Stripe credit card payments are supported for Canadian businesses, there is no option to enable Direct Debit (ACH/EFT) throughZoho Desk blank page
1. Click Access zoho desk on https://www.zoho.com/desk/ 2. It redirects to https://desk.zoho.com/agent?action=CreatePortal and the page is blank. Edge browser Version 131.0.2903.112 (Official build) (arm64) on MacOSTimentry and Support Plan Relationship
Timentry and Support Plan Relationship A customer can buy multiple products and request different SLAs and support plans for each product. We can enter different support plans and define the credit. The scenario I want to happen; - To reduce the creditsIssue with ticket replies via Slack: '+' symbols replacing spaces in emails
Hello, support team! We're experiencing an issue when replying to tickets directly through Slack. When the reply is sent to the email, spaces are being replaced by '+' symbols. This makes the message harder to read and understand. Is there any solutionAllow 2 logos for Branding, one for Light Mode and one for Dark Mode?
Our logo has a lot of black text on it. If we leave the background transparent, per recommendation of Zoho, when a user is viewing a file and turns on dark mode, our logo is not really visible and looks really weird. It would be really great if we couldZoho Creator Populate radio field with values with all the created rows subfor
I have Main Form where i have a lookup field where i get brewery names and the number of tanks as a multiline text field with a list of beer names Based Brewery selected and bbt_tanks number i create rows in the subform and now i want to populate listCurrency column showing $ symbol
Hello, I'm importing data from Zoho Projects to Zoho Analytics and I was wondering why "Budget amount" column is set in dollars even if the "Currency" column = EUR: Is there a way to get the budget amount as "EUR" + nnnnnn? Thank youAndroid notifications not working
I've set push notifications to 'on' in ZohoMail for android settings but nothing doing. Can anyone help? I do use a VPN.my clients are not receiving mails
Hi, My clients are not receiving my mails sent . may we know the reason My dns server and imap settings are perfectMúltiple Deals when converting a Lead
Hello!!! I hope someone can help me figure out the best way to handle this scenario. I have a multi-select field named “Service” in the Leads module that captures either Service A, Service B, or both. When converting a lead, Zoho CRM currently createszoho mail and crm is very slow
I have recently employed Zoho in our organisation. Even after taking high speed internet, mail and CRM takes many minutes to even load. Its really slow and faces lot of downtime.How to use if_case with expressions other than equals
I'm trying to define a formula column that implements logic like this case statement would: case when numfld1 is null then null when numfld2 > 0 then 100*numfld2 when numfld2 < 0 then numfld2 else 0.0 end In formula columns, the docs say you need to useZoho CRM's V8 APIs are here!
Hello everyone!!! We hope you are all doing well. Announcing Zoho CRM's V8 APIs! Packed with powerful new features to supercharge your developer experience. Let us take a look at what's new in V8 APIs: Get Related Records Count of a Record API: Ever wonderedCreate global project dashboard for all users
Would like to be able to create a custom dashboard for projects with certain widgets that are default for all new projects. right now, I have to modify each project dashboard per project per user. This is not practical.Zoho Error: This Operation has been restricted. Please contact support-as@zohocorp.com for further details
Hello There, l tried to verify my domain (florindagoreti.com.br) and its shows this error: This Operation has been restricted. Please contact support-as@zohocorp.com for further details. Screenshot Given Below - please check what went wrong. ThanksWhat's New in Zoho Inventory | January - March 2025
Hello users, We are back with exciting new enhancements in Zoho Inventory to make managing your inventory smoother than ever! Check out the latest features for the first quarter of 2025. Watch out for this space for even more updates. Email Insights forInline images are not shown on iPhone
When I add an image inline it gets displayed on a Zoho's computer software or web browser, but not on Zoho's iPhone app - the image appears to be broken and cannot be copied neither saved. What's the problem with displaying images inline when readingKaizen #186 : Client Script Support for Subforms
Hello everyone! Welcome back to another exciting Kaizen post on Client Script! In this edition, we’re taking a closer look at Client Script Support for Subforms with the help of the following scenario. " Zylker, a manufacturing company, uses the "Orders"Viewing Live data
Where can I see the live data that is sent from the device?"In Zoho CRM, during the Blueprint transition to the QC stage, I want to make the 'Packing Proof' image field mandatory."
@Dr Saurabh Joshi @Haiku Technical Support @Ishwarya SG @Sparrow Hill President @Hugh Marshall "In Zoho CRM, during the Blueprint transition to the QC stage, I want to make the 'Packing Proof' image field mandatory."Canvas templates can now be shared with different CRM organizations
----------------------------------------Moderated on 14th February, 2023------------------------------------------- Dear all, This feature is now open for all users in all DCs. To learn more about importing and exporting canvas templates, read our helpFormatting Mailing Labels
I want to use the "Print Mailing Labels" function on the drop down list, but I am not seeing a way to change the formatting on the mailing labels. At the moment, the information that appears on the mailing labels ARE NOT mailing addresses, but random information. I would also like to change be able to change the size of the labels. At the very least I would like to know what type of labels I can get that would be the correct size.CRM to Writer Mail Merge Preview not working
When performing a mail merge from CRM to writer the preview function does not work. I get the following error. I am a Zoho one user on a ChromeOS. I have been successfully using mail merge from CRM to Writer about 4 years. This error seemed to coincideBest practice : when to convert lead to Deal
Hello, I'm new to Zoho and run my own business. To make sure I'm using Zoho correctly, when do I press convert, from Lead to Deal, at what stage in the conversion funnel/conversation. I want to make sure I can a) monitor status of all pending lead orShow Call History During a Blueprint Transition in Leads Module
Hi all, I have a Blueprint set up in the Leads module with a transition to Reattempt Call, which updates the lead status to Attempted Contact. I’d like to know if there’s a way to show the call history or at least a summary of how many call attempts haveHow do I filter contacts by account parameters?
Need to filter a contact view according to account parameter, eg account type. Without this filter users are overwhelmed with irrelevant contacts. Workaround is to create a custom 'Contact Type' field but this unbearable duplicity as the information alreadyHow to delete more than 100 leads at a time.
We are a call center and we need to upload fresh leads daily. Is there any way to delete all leads only at once. Currently we are deleting 100 at a time. Please anyone who can help. Thank you.The Next Chapter for CRM for Everyone: Moving from Early Access to Phased Rollout for Customers
#CRM25Q1 Hello Everyone, Until now, CRM for Everyone has been available in early access mode exclusively for users who opted to try the new version. We are now transitioning to a phased release, starting with the basic edition. We are thrilled to announceCanvas for related lists
Hey, we would like to customize our related lists. For us, it would make more sense to present the data from an assigned record vertical instead of horizontal. Can we get a related list Canvas view?Standalone custom function not generating logs
Why dont't standalone custom functions generate logs when the're called from another function? I have some functions (workflow, buttons and blueprint) that have common parts, so I put that part in a standalone function which is called from the others.Next Page