We recently switched our organization to use SAML SSO for agent login. Everything works fine for the web UI, but our custom Embeddable Client App SDK widgets are now breaking. The widgets rely on a service account to fetch analytics data via the REST API.
Previously, we were using basic auth to get the OAuth token, but that’s disabled now. I tried switching to the client credentials flow using our service account’s client ID and secret. Here is the request I’m sending:
POST /oauth/token
Content-Type: application/x-www-form-urlencoded
grant_type=client_credentials
&client_id=our_service_client_id
&client_secret=our_service_secret
I’m getting a 401 Unauthorized response. The error message says "error": "invalid_client". I double-checked the credentials in the Developer Console and they look correct. Is there a specific scope I need to add? Or does enabling SAML break the standard OAuth flows for service accounts entirely? I need to know how to get a valid token for the SDK without user interaction.