Exchange Tokens (Genesys WDE)
The exchange endpoint was introduced to support outbound personal collection links. These links do not work when opened from a desktop application like Genesys WDE, because the access token cookie is only set within the application context and is not sent when the user follows an external link in a browser.
Processβ
- On widget load, after authenticating, the frontend requests an exchange token from the Backend API at
/auth/exchange-token. - This endpoint requires a valid access token (from the current session) and returns a short-lived token (currently 1 hour).
- The frontend then builds an outbound redirect URL that includes the short-lived token, for example:
https://swisscom.deepdesk.com/apis/admin/session/jwt/?jwt=<token>&redirect=/admin/personal-collection - When the user opens that link:
- The request hits the JWT login endpoint (
/apis/admin/session/jwt) in Admin, which verifies the token and sets the JWT session cookies. - Admin then redirects the user to the
redirectparameter (e.g./admin/personal-collection), which is the personal collection page in the Dashboard UI.
- The request hits the JWT login endpoint (
Summaryβ
| Step | Location | Action |
|---|---|---|
| 1 | Frontend (after auth) | GET/POST Backend /auth/exchange-token β receive short-lived JWT |
| 2 | User opens link | Browser requests .../apis/admin/session/jwt/?jwt=...&redirect=... |
| 3 | Admin | Validates JWT, sets session cookies, redirects to redirect path |
See alsoβ
- JWT session (cookies) β How session cookies are set after JWT validation.
- Authentication overview β All authentication methods.