Setting up a Python service to aggregate OpenTelemetry traces from Data Action executions. The service needs to fetch conversation metadata to enrich spans. Right now I’m using the Client Credentials grant because it runs as a background worker.
response = requests.post(
f"{base_url}/api/v2/authorization/token",
data={"grant_type": "client_credentials"},
auth=(client_id, client_secret)
)
The issue is that the resulting access token doesn’t seem to carry the user context needed for certain scoped API calls in the reporting pipeline. I get 403 Forbidden when trying to read agent-specific analytics data, even though the service account has the analytics:report:read permission.
Switching to Authorization Code flow feels messy for a non-interactive service. Is there a way to impersonate users with Client Credentials, or should I just stick to Authorization Code and handle the token refresh dance in the background? The docs are vague on which grant type supports scoped user data retrieval for backend services.