Contrib.social

Zendesk deprecating GET requests - changes required?

Open on Drupal.org →
Created on 13 December 2023, over 1 year ago

Problem/Motivation

Zendesk is making changes to their API which this module uses.

I am not sure if these changes affect the module, but the notice is copied below.

Zendesk will make a change to improve the integrity of single sign-on (SSO) using JSON Web Tokens (JWT) that requires your action, partnering with developer resources as needed. You are receiving this email because our records indicate you currently use JWT for SSO and make requests to the https://yoursubdomain.zendesk.com/access/jwt endpoint.

Starting May 1, 2024, you will be required to use HTTP POST requests instead of HTTP GET requests to avoid problems signing in to Zendesk.

Why is this change necessary?
We are enhancing the integrity of our SSO setup by requiring HTTP POST requests to prevent unnecessary data from being passed along with the JWT and stored in a browser’s history or cache.

Single sign-on is a mechanism that allows you to authenticate users in external systems and subsequently tell Zendesk that the user has been authenticated. This feature also allows you to send data related to the user (like phone numbers and tags) so that their data in Zendesk can be updated.

With HTTP GET, this extra data is passed in the URL. By using HTTP POST, however, this data is passed in the body of the request, which isn’t stored or cached by the browser.

What do you need to do?
Update your SSO configuration to use HTTP POST requests instead of HTTP GET requests before May 1, 2024, to ensure continued functionality of your SSO login configuration. This transition will not involve disruptions to your end users.

How to do this depends on your SSO setup.
If you use a third-party service (other than Okta or Azure), you or a tech lead will need to connect with your SSO provider’s support team to request they update their Zendesk integration to use HTTP POST requests instead of GET. Please refer them to the documentation available and send them this email.
If you host your own SSO setup, instruct your developers or the team responsible for maintaining your SSO setup to use our updated documentation to switch from HTTP GET to HTTP POST.
As always, our Zendesk support team is here to assist you with any questions or concerns. Please don't hesitate to contact us if you need further assistance or guidance.

📌 Task
Status

Active

Version

3.0

Component

Code

Created by

jabeler

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024