Kaizen #168 - Incremental Authorization
Welcome to this week's post in the Kaizen series. In this post, we will discuss Incremental Authorization.
What is Incremental Authorization?
Incremental Authorization is an OAuth strategy that allows a client to request specific authorization scopes as and when needed. This means that the client does not have to request every possible scope that might be needed upfront, which might result in a bad user experience. Incremental Authorization is considered a best practice in Oauth Authorization Request as:
- Users are not overloaded with scopes in the initial stage
- Users can control the amount of data they share
Who can use Incremental Authorization?
Server-based applications can make use of incremental authorization
Incremental Authorization Flow
Incremental Authorization FlowWhen a user first signs into the application, the application requests only the essential permissions needed. The user may trigger features that require additional permissions as they engage with the application. When the application identifies this, it follows the below steps:
Initiation Request (Step 1: Get Scope Enhancement Token )
The application makes a POST request to the endpoint /oauth/v2/token/scopeenhance, including the existing refresh token as a parameter. This request is aimed at obtaining a scope enhancement token, which is necessary for requesting additional permissions.
Scope Enhancement Request (Step 2)
After receiving the scope enhancement token, the app then makes a request to the endpoint /oauth/v2/token/addextrascope. In this request, it specifies which additional scopes are needed.
User Consent
The user is presented with a consent screen that details the new permissions being requested. This screen will only show the new permissions required and not those already granted.
If the user approves these new permissions, the refresh token (used in Step 1) and its associated access tokens will be updated to include the newly granted scopes.
Success Response
Upon successful approval by the user, a success response is returned, confirming that the additional scopes have been appended to the existing refresh token.
When is Incremental Authorization Useful?
Let us take a look at two scenarios where incremental authorization is particularly useful.
Scenario 1
Zylker Marketing, a marketing agency, utilizes a custom in-house marketing tool that integrates with Zoho CRM. Initially, the tool has permission to read Leads in Zoho CRM. However, as the marketing team expands their operations, they realize that they require to create new Contacts based on sign-ups and retrieve existing deals data for analysis. The tool is then revamped to create Contacts and view Deals data.
When a marketer who uses the tool tries to create a Contact for the first time, the incremental authorization method is called in the backend. The marketer is redirected to the Zoho login page. Once logged in, the marketer is prompted to give access to the new resources. This enhances the refresh token, and the tool can continue using the same refresh token.
Scenario 2
Consider that you want to use a new Zoho CRM API that just got released as part of the version release. Your refresh token does not have the required scope to access the new API. You can make use of incremental authorization to append the required scope to the same refresh token in these cases.
How can you use Incremental Authorization?
Step 1: Initiation Request
First, you need to send a request to get the scope enhancement token along with the refresh token for which the extra access is required.
Request format
POST {accounts-url}/oauth/v2/token/scopeenhance ?grant_type=update_scopes_token &client_id={client_id} &client_secret={client_secret} &refresh_token={refresh_token} |
The accounts-url is specific to the location (i.e., datacenter) where the client is registered. See all the server-specific URLs.
Request Parameters
You should send the initiation request with the below parameters. All parameters are mandatory
- grant_type: Specify the value as "update_scopes_token".
- client_id: Specify the client-id obtained from the API console.
- client_secret: Specify client-secret obtained from the API console.
- refresh_token: Specify the refresh token to which the additional scopes should be appended.
You will receive a response in the below format
{ "access_token": "{scope_enhancement_token}", "token_type": "update_scope", "expires_in": 600 } |
The scope_enhancement_token received in this response should be passed as a parameter in the next step - scope enhancement request.
Step 2: Scope enhancement request
This request appends the refresh token with additional scopes.
Request format
GET {accounts-url}/oauth/v2/token/addextrascope ?response_type=update_scopes &client_id={client_id} &redirect_uri={redirect_uri} &scope={required_scopes} &enhance_token={scope_enhancement_token} &logout=true |
Parameters
- response_type: Specify the value as "update_scopes".
- client_id: Specify the client-id obtained from the API console.
- redirect_uri : Specify the URI to which the authorization server will redirect the browser back with success or failure response. It has to be the same URI which is provided when registering the app in the API console.
- scope: Specify the scopes of the additional resources for which access is required.
- enhance_token: Scope enhancement token received in the response of the previous initiation request.
- logout: Specify as true if the user's session should be terminated after the permission is granted or rejected.
When this request is called, the application redirects the user to the Zoho Login page, and the user enters the Zoho credentials. Then, the permissions required are displayed once the user is authenticated.
The refresh token will be appended with the additional scopes, and a success response will be returned when the user grants permission. The user will be redirected to the redirect_uri with params status as success and scope_enhanced as true. The user can continue using the same refresh token can be used. If the user rejects the authentication, the system returns a failure response. The user will be redirected to the redirect_uri with params error as access_denied.
You will receive a response in the below formats:
Success Response
{redirect_uri}?status=success&scope_enhanced=true |
Failure Response
{redirect_uri}?error=access_denied |
We hope you found this post useful. We will meet you next week with another interesting topic!
If you have any questions, let us know in the comment section.
Cheers!
Previous Kaizen: Kaizen #167 - Configuration and Initialization of Zoho CRM Python SDK (V7) for different client types |
Kaizen Collection: Directory | Help document link: Incremental Authorization
Access your files securely from anywhere
Centralize Knowledge. Transform Learning.
All-in-one knowledge management and training platform for your employees and customers.
New to Zoho Recruit?
Zoho Developer Community
New to Zoho LandingPage?
Zoho LandingPage Resources
New to Zoho Survey?
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho Marketing Plus?
Everything you need to run your marketing
New to Zoho Marketing Plus?
Everything you need to run your marketing
New to Bigin?
Topic Participants
Mable Mary M P
Sticky Posts
Kaizen #198: Using Client Script for Custom Validation in Blueprint
Nearing 200th Kaizen Post – 1 More to the Big Two-Oh-Oh! Do you have any questions, suggestions, or topics you would like us to cover in future posts? Your insights and suggestions help us shape future content and make this series better for everyone.Kaizen #226: Using ZRC in Client Script
Hello everyone! Welcome to another week of Kaizen. In today's post, lets see what is ZRC (Zoho Request Client) and how we can use ZRC methods in Client Script to get inputs from a Salesperson and update the Lead status with a single button click. In thisKaizen #222 - Client Script Support for Notes Related List
Hello everyone! Welcome to another week of Kaizen. The final Kaizen post of the year 2025 is here! With the new Client Script support for the Notes Related List, you can validate, enrich, and manage notes across modules. In this post, we’ll explore howKaizen #217 - Actions APIs : Tasks
Welcome to another week of Kaizen! In last week's post we discussed Email Notifications APIs which act as the link between your Workflow automations and you. We have discussed how Zylker Cloud Services uses Email Notifications API in their custom dashboard.Kaizen #216 - Actions APIs : Email Notifications
Welcome to another week of Kaizen! For the last three weeks, we have been discussing Zylker's workflows. We successfully updated a dormant workflow, built a new one from the ground up and more. But our work is not finished—these automated processes are
New to Zoho TeamInbox?
Zoho TeamInbox Resources
Zoho CRM Plus Resources
Zoho Books Resources
Zoho Subscriptions Resources
Zoho Projects Resources
Zoho Sprints Resources
Qntrl Resources
Zoho Creator Resources
Zoho CRM Resources
Design. Discuss. Deliver.
Zoho Show Resources
Get Started. Write Away!
Writer is a powerful online word processor, designed for collaborative work.
Zoho CRM コンテンツ
-
オンラインヘルプ
-
Webセミナー
-
機能活用動画
-
よくある質問
-
Ebook
-
-
Zoho Campaigns
- Zoho サービスのWebセミナー
その他のサービス コンテンツ
Nederlandse Hulpbronnen
ご検討中の方
Recent Topics
Leistungsdatum in Rechnungen (Zoho Books)
Hallo, ist es irgendwie möglich den Leistungszeitraum in der Rechnung aufzuführen? Beste Grüße AleksZoho Trident Windows - Streams Not Visible
Namaste We’re having an issue with Streams not being visible in Trident (Windows), which is important for us as we share many emails internally. It appears that the feature to show Streams above the Inbox folder, as seen in the default mailbox view, isSales IQ Chat Widget is Only Displaying Last Name
Can anyone suggest why the widget is only displaying "last name"?! We have the latest version of the wordpress plugin installed. Thanks Thanks!Shopify - Item sync from Zoho Inventory
Hi team, We’ve connected Shopify with Zoho Inventory. We want that when an item is created in Zoho Inventory, it must create a product in Shopify. But currently, new items created in Zoho Inventory are not getting created in Shopify even after clickingKill zoho meeting
Saying the quiet part out loud. Can zoho please just give up on the idea that they can make a meeting platform and just make our workplace licenses cheaper when you remove it so people can switch to zoom or teams. Tired of the excuses, you guys cant makeUtilisation de Zoho en conformité avec l’article 286 du Code général des impôts (CGI)
Cher(e) client(e), Conformément à l’article 286 du Code général des impôts (CGI) impose aux entreprises assujetties à la TVA d’utiliser des systèmes de caisse ou de gestion commerciale certifiés lorsqu’elles enregistrent des ventes à des particuliers.Unable to Create Task as a Support Administrator
Hello! I want to ask for help regarding creating tasks within the tickets. I am by default the Support Admin. I should be able to create tasks or activities right? But there's a prompt that I need to contact the Administrator. See photos for reference.Introducing Forms in Zoho Sheet
We hereby bring you the power of forms in Zoho Sheet. Now, build and create your own customized forms using Zoho Sheet. Be it compiling a questionnaire or rolling out a survey, Zoho Sheet can do it all for you. Forms is an excellent feature that helps you collect information in the simplest of ways and having it in Zoho Sheet takes it a notch higher. Build Simple yet Powerful forms Building forms using Zoho Sheet is fairly simple. The exclusive 'Form' tab lets you create one quickly. Whether youLayout one survey question in a time & redirect next Page based on previous response
I have doubt while, I am scripting survey on the Zoho where I redirecting to next page based on my previous response but didn’t get success on this. Please help me on this and tell me how I layout one survey questions in a time when I submit responseZoho Bookings form pre-filled with Zoho Forms in
Hi, I've got a contact page on my website and I'd like to have the option to book an appointment (redirected to zoho bookings page) after an option is submitted on the contact form. how would I go about doing this? thanksSupport “Other” Option with Free Text in Dropdown Fields
Hello Zoho Bookings Team, Greetings, We would like to request an enhancement to the registration form fields in Zoho Bookings, specifically for dropdown fields. Current Limitation: At the moment, dropdown fields do not support an “Other” option that allowsDetailed Balance Sheet for tax preparer
I'm using the free edition of Zoho Books. My tax preparer is asking for "detailed" Profit & Loss and Balance Sheet reports which include all the activity and transactions within the various categories. The default reports do not include these details.Sending automated messages that appear in the ticket's conversation thread
Good morning, esteemed Zoho Desk community, warm greetings Today I am here to raise the following problem, seeking a solution that I can implement: I need to implement an automation that allows me to send reminder messages to customers when I am waitingPayment Card or Identity form-fill from Vault?
Hello! I'm working on replacing Bitwarden with Vault and one issue I've run into is that I can't find any option to fill address and payment forms from Payment Card or Identity info that has been saved in Vault. Is there a way to do this? Is it a plannedAbility to add VAT to Retainer Invoices
Hello, I've had a telephone conversation a month ago with Dinesh on this topic and my request to allow for the addition of VAT on Retainer Invoices. It's currently not possible to add VAT to Retainer Invoices and it was mutually agreed that there is absolutely no reason why there shouldn't be, especially as TAX LAW makes VAT mandatory on each invoice in Europe! So basically, what i'm saying is that if you don't allow us to add VAT to Retainer Invoices, than the whole Retainer Invoices becomesTime Log Reminder
Tracking the time spent on tasks and issues is one of the most important functions of a timesheet. However, users may forget to update the time logs because they have their own goals to achieve. But, time logs must be updated at regular intervals to keep[Early-access] Introducing Zoho's CommandCenter - Cross-Zoho business process automation
Resources to help Webinar recording | Documentation Feature Restrictions Currently available on early-access only for US data center accounts Features Role CommandCenter as a Service uses signals across Zoho services to propel the movement of recordsTip #58- Accessibility Controls in Zoho Assist: Learning- 'Insider Insights'
Learning should be clear and interruption-free for everyone. Timely feedback plays an important role in helping users understand actions as they happen, without breaking their focus. In this post, we’ll explore the final section of Accessibility: Learning.ZIA "Generate Content" action doesn't have contexual data from the ticket
"Generate Content" action doesn't have contexual data from the ticket. I try to get AI to help me with this ticket but it doesn't seem to have any ticket information as context. Although the ticket has a lot of information in it.Zoho Desk - Zoho FSM Integration issue on Mobile and iPad
Hello Team, I am trying to create a Work Order (WO) using the Zoho FSM integration (Add-on Service) that is integrated with Zoho Desk. The issue is that the integration is not working on mobile devices and iPads. While I am able to create the WO, Request,E-File Form 1099 Directly With the IRS From Zoho Books
The Form 1099 filing season has begun, and businesses are required to e-file certain forms with the IRS to report payments made to vendors and contractors. If your business made qualifying payments during the year, you must e-file the appropriate FormSuggestions for showing subscribed Topics in CRM (contact record)
We have several Topics set up in ZMA. We also have a sync set up between ZMA and CRM. I'd like to display the subscribed topics on the CRM Contact record. This will allow the Sales team (who uses CRM) to see at a glance what topics a Contact is subscribedReplies sometimes creating separate ticket
Sometimes when a customer responds to an email coming from Zoho Desk, instead of adding a reply to the original ticket, a separate ticket is created. This happens even though the response subject line contained the ticket number, and the person respondingRe-hide fields when option is unselected
Hi all Can anyone help me with this - when I create a 'show' field rule for when a dropdown option is selected, how to I make it so the 'show' option re-hides if that option is no longer selected?Custom Fields
There is no way to add a custom field in the "Timesheet" module. Honestly, the ability to add a custom field should be available in every module.Consultant-Only Booking Page
Zoho Bookings does not allow for Meeting Type OR Workspace-Wide booking pages to be turned off. This is detrimental to organizations that have territory-based or assigned accounts, because if prospects can go to these booking pages and either select theCall result pop up on call when call ends
I’d like to be able to create a pop up that appears after a call has finished that allows me to select the Call Result. I'm using RingCentral. I have seen from a previous, now locked, thread on Zoho Cares that this capability has been implemented, butCustom Sorting based on other columns in table
I need the ability to apply custom sorting to a text-based dimension in the X axis where the sorting is based on another column in the table. For example, I have a chart report where the X axis is a text label. I would like to be able to sort those textFeature Request: Enable Custom PDF Layout Editor for All Modules (Including Package Slips)
Hello Zoho Community and Product Team, I am writing to share a suggestion that would significantly enhance the customization capabilities within Zoho Books. We all appreciate the power of the Custom PDF Layouts (the "New" template engine) that allowsIs there a way to invoke deluge function from within a widget?
Hi! I have custom functions in deluge and I was wondering whether there is any way to call this function through a widget? Something like on click of a button inside a widget, run the deluge custom function. Would this be possible?Can a default task Priority be set?
The "Priority" field in the Task layout does not allow a default to be set. Is there another way of doing it? Because the current default is "None" and the Zoho Kanban board design has selected this field as critical information to surface by includingAdding a threshold to a line chart based on date range
I have a line chart that is tracking a percentage over time. It also has a filter for 50 different clients. I would like to create a threshold that is based on a portion of the date range. As I understand it, this would be done by adding a column to theResize Signature field dynamically
On the tablet, it is perfect. But on smaller mobile devices and PCs, both web and application, it is too small for people to sign. Is there any plan to make the signature field size dynamically in the future update?Zoho Creator Application - New User Not able to access the application
In Zoho Creator, The newly added user not able to access the " Added Application" - User has received the Invitation Email, but while clicking "confirm Account" in the invitation Email, the following error message has appeared. "Sorry! you cannot acceptDeleting Salutation Field
We have updated our lead input screen and 'Salutation' has appeared. This is not visible in the 'Edit Pgae Layout' screen so cannot be moved to 'List of Removed Fields' Salutation is visible in the list in 'Customization - Fields' however I can only 'Edit' or 'Replace' I cannot delete and I do not need this field on my lead input screen. Please can you advise how to get rid of this. Screen shots can be provided if needed. Thank you TashaAuto-Generate & Update Asset Serial Numbers using a custom function (Assets Module)
Hello Team, I’ve been working on a script to automate one of our processes in Zoho FSM, and the core functionality has been successfully implemented. However, I’m encountering an issue related to serial number allocation, which is not working as expected.Zoho Mail iOS app update: Access Delegated Mailbox.
Hello everyone! You can now access the delegated mailbox from within the iOS version of the Zoho Mail app. To access the delegated mailbox: Open the Zoho Mail app. Go on to the 'Email' module. Tap the profile picture. Choose the delegated mailbox PleaseHow to convert Lead's country field from Text to Pick List
Hi, I would like to change the default country field in ZCRM from text to pick list. It looks like not I can't delete default country field and recreate it as pick list nor can i create an new custom field country because such a label belong to default field. So what do I have to do? Any ideas? LHow create a draft via workflow?
I wish to create a workflow rule for specific emails that creates a draft response - not an automatic email reply, but just a draft with a set response ready to be verified by an agent who can then manually select recipients. Alternatively, the workflowFunction #51: Transaction Level Profitability for Quotes
Hello everyone, and welcome back to our series! In a previous post, we shared a custom function that could determine the profitability of a Sales Order. Today, we are presenting a similar function that calculates the profitability of a Quote. The setupNext Page