Hi Tai,

Just wanted to follow up with a few questions related to the demo you showcased on the zoom meeting with David Kempl and Monika Tamasi.

First of all, great proactive thinking outside of the box!

I wonder about your Okta configurations:

1. Do you select Web Application or Native Application when you create Okta OIDC application?
2. Do you use SSO to get access and refresh tokens?
3. It was not clear to me how you were able to get Genesys access and refresh tokens, can you please elaborate on that?

Hi David, thanks for your answers

1. Is there a plan to allow Mobile Messenger SDK users to implement a custom Vault? This would address most of our requirements.

2. There are many capabilities within MessagingClient. For example, instead of obtaining a new authCode each time, we could call messagingClient.connectAuthenticatedSession(). Could we make MessagingClient accessible through the Mobile Messenger SDK?

3. I understand that the authorize() method requires an authCode, redirectUri, and codeVerifier for Genesys to exchange the token. Is there a plan to allow the client to authenticate itself (obtaining accessToken and refreshToken from our OpenID provider) and then pass them to the Mobile Messenger SDK for use?

Our expectations:

• The Vault should be encrypted for better security. If a custom Vault is allowed for the Mobile Messenger SDK, the app can handle encryption itself.
• Pass refreshToken and accessToken to the Mobile Messenger SDK via a method or custom Vault. Then, it should function similarly to the Transport you mentioned in your 4th point.

Best regards,
Tai

Hi Tai,

1. At Web Messaging we use auth token flow. Meaning the user need to authenticate to your service not to Genesys. From Web Messaging point of view the auth token flow makes sure the user is authenticated and can use the secured channel.
2. The Mobile Messenger SDK doesn't provide access to custom Vault|
3. We don't have encryptions implemented on the Valut currently.|
4. If Transport has authToken stored in Vault from the past authorization - we will try configuring a session as Authenticated. If authToken is expired, we will try to refresh it using refreshToken and retry to connect to authenticated session again. If refresh token expired as well, we will throw an error asking user to re-authenticate. Thats in order to minimize the amount of login attempts required by the user. The wasAuthenticated field from Vault serves mostly for UI purpose to indicate if previous session was authenticated or guest (so the proper UI is drawn). |
5. The MessagingClient is not exposed from MMSDK, this is a private property. The MMSDK does not re-authenticate when the application restarts, it requires new AuthCode authentication on every restart.|

Best Regards,

Please let us know if there is any update. Thanks @tamasi878

Hi tai.nguyen,

We are collecting the answers for your question, we get back to you with information as soon as we can.

Sorry but I'm seeing a "(post deleted by author)" reply. What does it mean?