Incremental Authorization

Incremental Authorization


Welcome to this week's post in the Kaizen series. In this post, we will discuss Incremental Authorization. 

What is Incremental Authorization?

Incremental Authorization is an OAuth strategy that allows a client to request specific authorization scopes as and when needed. This means that the client does not have to request every possible scope that might be needed upfront, which might result in a bad user experience. Incremental Authorization is considered a best practice in Oauth Authorization Request as:
  • Users are not overloaded with scopes in the initial stage
  • Users can control the amount of data they share

Who can use Incremental Authorization?

Server-based applications can make use of incremental authorization 

Incremental Authorization Flow

Incremental Authorization Flow

When a user first signs into the application, the application requests only the essential permissions needed. The user may trigger features that require additional permissions as they engage with the application. When the application identifies this, it follows the below steps:

Initiation Request (Step 1: Get Scope Enhancement Token )

The application makes a POST request to the endpoint /oauth/v2/token/scopeenhance, including the existing refresh token as a parameter. This request is aimed at obtaining a scope enhancement token, which is necessary for requesting additional permissions.

Scope Enhancement Request (Step 2)

After receiving the scope enhancement token, the app then makes a request to the endpoint /oauth/v2/token/addextrascope. In this request, it specifies which additional scopes are needed.

User Consent

The user is presented with a consent screen that details the new permissions being requested. This screen will only show the new permissions required and not those already granted.
If the user approves these new permissions, the refresh token (used in Step 1) and its associated access tokens will be updated to include the newly granted scopes.

Success Response

Upon successful approval by the user, a success response is returned, confirming that the additional scopes have been appended to the existing refresh token.

When is Incremental Authorization Useful?

Let us take a look at two scenarios where incremental authorization is particularly useful.

Scenario 1 

Zylker Marketing, a marketing agency, utilizes a custom in-house marketing tool that integrates with Zoho CRM.  Initially, the tool has permission to read Leads in Zoho CRM. However, as the marketing team expands their operations, they realize that they require to create new Contacts based on sign-ups and retrieve existing deals data for analysis. The tool is then revamped to create Contacts and view Deals data. 
When a marketer who uses the tool tries to create a Contact for the first time, the incremental authorization method is called in the backend. The marketer is redirected to the Zoho login page. Once logged in, the marketer is prompted to give access to the new resources. This enhances the refresh token, and the tool can continue using the same refresh token. 

Scenario 2

Consider that you want to use a new Zoho CRM API that just got released as part of the version release. Your refresh token does not have the required scope to access the new API.  You can make use of incremental authorization to append the required scope to the same refresh token in these cases.

How can you use Incremental Authorization?

Step 1: Initiation Request 

First, you need to send a request to get the scope enhancement token along with the refresh token for which the extra access is required.

Request format

POST 
{accounts-url}/oauth/v2/token/scopeenhance
?grant_type=update_scopes_token
&client_id={client_id}
&client_secret={client_secret}
&refresh_token={refresh_token}


The accounts-url is specific to the location (i.e., datacenter) where the client is registered. See all the server-specific URLs.
Request Parameters 
You should send the initiation request with the below parameters. All parameters are mandatory
  • grant_type: Specify the value as "update_scopes_token".
  • client_id: Specify the client-id obtained from the API console.
  • client_secret: Specify client-secret obtained from the API console.
  • refresh_token: Specify the refresh token to which the additional scopes should be appended.
You will receive a response in the below format
{
"access_token": "{scope_enhancement_token}",
"token_type": "update_scope",
"expires_in": 600
}

The scope_enhancement_token received in this response should be passed as a parameter in the next step - scope enhancement request.

Step 2: Scope enhancement request

This request appends the refresh token with additional scopes.
Request format
GET
{accounts-url}/oauth/v2/token/addextrascope
?response_type=update_scopes
&client_id={client_id}
&redirect_uri={redirect_uri}
&scope={required_scopes}
&enhance_token={scope_enhancement_token}
&logout=true

Parameters
  • response_type: Specify the value as "update_scopes".
  • client_id: Specify the client-id obtained from the API console.
  • redirect_uri : Specify the URI to which the authorization server will redirect the browser back with success or failure response. It has to be the same URI which is provided when registering the app in the API console.
  • scope: Specify the scopes of the additional resources for which access is required.
  • enhance_token: Scope enhancement token received in the response of the previous initiation request. 
  • logout: Specify as true if the user's session should be terminated after the permission is granted or rejected.
When this request is called, the application redirects the user to the Zoho Login page, and the user enters the Zoho credentials. Then, the permissions required are displayed once the user is authenticated.
The refresh token will be appended with the additional scopes, and a success response will be returned when the user grants permission. The user will be redirected to the redirect_uri with params status as success and scope_enhanced as true. The user can continue using the same refresh token can be used. If the user rejects the authentication, the system returns a failure response.  The user will be redirected to the redirect_uri with params error as access_denied.

You will receive a response in the below formats:

Success Response
{redirect_uri}?status=success&scope_enhanced=true

Failure Response
{redirect_uri}?error=access_denied

We hope you found this post useful. We will meet you next week with another interesting topic!
If you have any questions, let us know in the comment section.
Cheers!


      • Recent Topics

      • Counting downloads of a file

        Hello Could anyone help me, I would like to use a custom script to count how many times a file contained in a record has been downloaded. Is that something that is possible in Creator? Thanks Estelle

      • Is there any way to prevent emails from being sent from zoho crm without pressing email opt out?

        When I left my desk yesterday I excitedly thought I had fixed my problem, by making use of the "Inactive" field ... However after contacting the support chat, they have advised to stop emails being sent I need to update the "Email Opt Out" field - which

      • New Search Function

        Hey Team, The search function updated in our CRM about a week ago, so I assume it was an automated update across Zoho. It no longer displays leads/deals etc in Chronological order so that the most recently created or updated is the first to display which

      • New permissions for accessing emails sent via Zoho CRM

        Last modified on Nov 4, 2024: Permissions for accessing emails sent via Zoho CRM have now been extended to the IN DC. With this rollout, the feature is now available to all users across all DCs. Resources: Data sharing for emails, Configuring email compose

      • Mind Mapping

        Will Zoho consider a mind mapping application? I have seen some discussions that are some 10 years old. What is the status now?

      • is it possible to add more than one Whatsapp Phone Number to be integrated to Zoho CRM?

        so I have successfully added one Whatsapp number like this from this User Interface it seems I can't add a new Whatsapp Number. I need to add a new Whatsapp Number so I can control the lead assignment if a chat sent to Whatsapp Phone Number 1 then assign

      • Unable to send emails

        I have this email parth@mrcolumbus.in, but I couldnt send outgoing email. Can you please help?

      • Request for Alerts on Workflow and Function Changes.

        I want to get an alert whenever a new workflow or function is added or an existing workflow or function is edited. Is there any way to do that? I need to log all changes whenever updates are made or new ones are added.

      • Overwrite Option for custom modules

        Hi Team, I noticed that the overwrite option is unavailable in Zoho Books when importing data for custom modules. This limitation makes it challenging to bulk update old data, as the only option is the 'bulk update' feature, which is restricted to 25

      • Transfer Amount from One Vendor to Another Vendor

        One of the vendors, who has a balance with us, has closed the business and has started a new business; Now he wants me to transfer the outstanding from the old account to the new Vendor Account. I am trying to do this using Payment Settlement a/c, But

      • Been getting this error, every now and then "Get count limit exceeded, please try again after 3 mins"

        it is really annoying.

      • How to make Branch compulsory in Zoho Books invoice?

        How I make Branches compulsory in Zoho Books invoice?

      • Regarding GST Report Issue in Zoho Books

        Hi, Right now, the very important point from my end is this Zoho Books issue. Here, you can see that we have created the invoice with the items of account sales and expenses. The journal is also correct. The profit and Loss statement is also correct.

      • Function #57: Automatically group items in invoices based on categories

        Hello everyone, and welcome back to our series! As a business expands and new product lines are launched, it becomes important to organize the items for better inventory management. The Category field in Zoho Books helps here by allowing you to add and

      • Fixed asset management

        I want to know if there is any individual module for fixed assets management

      • Suppress "spreadsheet will not be saved" message on published sheet

        I have published a sheet and have one column on that sheet that the user can edit (a dropdown picklist where the user can select the status for each line). Is there a way to suppress the Zoho Sheet message "Any changes made to this published spreadsheet

      • Zoho Forms Unable to Save Account Numbers with a Leading Zero

        We are using Zoho Forms to for rental applications. It is working well, except for one thing:  when a user enters their bank account information, and that account number actually starts with a ZERO (like 00123456) the Zoho form will return the value without

      • Profit on Sales order

        Hi, would it be possible to implement a column at the Sales order overview of Purchase amount? So a field with the amount of all purchase related to this Sales order? This is very usefull so you will see the profit you made on this deal. I tried to get

      • How to include GST% in PO amount?

        Currently when I raise PO, the basic price of the item is used. However, the GST is not calculated and added along with the basic amount. I have added a Custom field for GST in the PO but I need Zoho Inventory to calculate the GST amount and add it with the Basic price to give me the final PO price.

      • sitemap in zoho sites not updating

        I checked my sitemap and it has not added any updates. Do I have to generate one manually all the time or is zoho sites suppose to generate and update it?

      • I trying to connect our PM tool but API shows failure

        Hi All, in ZOHO CRM when an enquiry stage is moved to WON then I have created a rule to trigger POST URL to thrid party AP and then create a function for mapping with below code void automation.kytesfunctions(String enquiryId) { // Fetch enquiry details

      • 2 serial numbers for 1 item (Mac address and Serial number)

        There is a way to track 2 serial number type for 1 Item. Ex: Some electronic devices have a MAC address and a serial number. I need to track those 2 numbers

      • Sample Ticket - Created from Bot Preview

        Why is Zoho desk adding bot created tickets?

      • Webhook data is not being received

        We’ve set up the webhook with a public URL that returns a 200 status on Postman. However, when we ran a test, we didn’t receive anything in the req.body object or see any data from the POST request. As a team of freshers still learning the ropes of development,

      • Number of Workflow runs

        Is there a way in Zoho desk to see statistics regarding workflows, rules and other automation objects? Would be nice for several reasons: You could ensure that your workflows are actually running. You could determine which ones weren't being used so you

      • Mail is no longer populating CRM contacts

        Hi! For the last few days, my mail hasn't been populating my CRM contacts. Even people I email multiple times per day. In fact, it keeps trying to send mail to myself. Notice, I started typing Amy and only got as far as, "Am" and it suggested myself.

      • Zoho Support is indeed shocking and difficult to get a response with

        All our business emails have an auto-foward set up on them so that they also go to our GMAIL accounts so that we receive them to the relevenat people. The emails are indeed auto forwarding and arriving to our GMAIL accounts but when you log into your

      • Chart with Filtered Data vs Unfiltered Data

        I am looking to create a chart view that displays the full data set vs a subset of the data filtered by user filter. However I do not seem to find any method by which to exclude a plot from the applied filter or any other method by which to display the

      • How to get a list of selected records into a button-function? Here is how!

        So, you might know already how to get a button on a page somewhere and perform actions with a function when pressed, but how about a button that only works with the records you selected in the list view? The button selected is a custom button in the modules

      • How to Add Break line / Return on button click

        I need to return the text concate with difference field from lead with line break i try "\r" ,"\n" "<br>" return "ali \r\n <br> baba"; None of above work.  i expected result something like this  ali baba but got this  ali \r\n <br> baba so, how can i

      • How to get batch number of item by api?

        Hi there, Is there any way to get batch number of item by api? Batch number is the batch reference number in https://www.zoho.com/inventory/help/advanced-inventory-tracking/batch-tracking.html . When I call the https://www.zoho.com/books/api/v3/#Items_Get_an_item

      • Filter embedded report

        How to filter embedded report in a page, below code is not working. dateField => startDate & dateField=< endDate The report should print on page containing records from startDate to endDate. params='zc_Header=true&amp;Service_Date__gte=<%=startDate%>&amp;Service_Date__lte=<%=endDate%>'

      • Serious question: Are there actually "solo-preneurs"/small business owners who made Zoho-one work well for them?

        L.S. After already many years of continued struggle with Zoho-One, I am seriously wondering if there are actually solo-preneurs (one person small business owners - without a large, dedicated IT dept.) who got it (Zoho-One) to work well for their businesses.

      • Announcing new features in Trident for Windows (v.1.18.6.0)

        Hello Community, Trident for Windows is here with some new features to elevate your workplace communication. Let's take a quick look at what's new. Ask and send read receipts for emails You can now request read receipts for specific emails while composing,

      • Increase subscription prices for existing subscriptions

        Hi, Does anyone know how we could achieve the ability to increase the subscription fee for our existing customers based on a % increase. We are not yet using Zoho Billing (Subscriptions) and I'm not sure if it is a good fit for us. But we would need to

      • Why developing custom function development made so difficult for Zoho Projects!!

        Hi Zoho Team, I am trying to write function to automate a process but whatever API name or Column Name I use, the API isn't populating certain fields. Even the standard fields aren't getting populated through API. It's already exhausting to find all API

      • Delete / Modify Default Career Site - Zoho Recruit

        Hello, It would be very useful if we could delete a default career site or change which of our career site is the default. Our Career site was created when there were issues with Zoho Recruit creating English CTA buttons on French Career sites. The only

      • Data not visible in sheet cells

        I'm having an issue where my data is not visible in my sheet cells. If I click on an individual cell, the data does display above in the little "fx" box. But all the boxes in the sheet just look blank. My collaborators do not have this issue. I have checked

      • PO receive limitations

        It is VERY common to receive more or less that the PO quantity. It's totally ludicrous to limit the maximum receive to the PO quantity! What if the receive is 0.00001 less than the PO quantity - it leaves the PO as "Partially received" The current options are to edit the PO manually before finalizing the receive, an outrageous situation ! Please Zoho guys - this is an infuriating oversight & can be easily resolved by introducing the option as shown in the attached document ......

      • Document images

        We used to be able to rotate the images but this has now been removed ???

      • Next Page