I’m spinning up a new integration for a multi-tenant BPO client and need to lock down the OAuth client to specific divisions. The goal is to ensure the application only has access to the tenant’s specific division data, not the whole org. I’ve been digging through the CX as Code provider docs, but I don’t see a divisions attribute on the genesyscloud_oauth_client resource.
Here’s what I’ve got so far:
resource "genesyscloud_oauth_client" "bpo_client" {
name = "BPO Integration Client"
description = "Scoped client for BPO data access"
client_type = "confidential"
redirect_uris = ["https://my-app.com/callback"]
scopes = [
"login:offline",
"admin:queue:read"
]
}
When I create this, it defaults to the global scope or whatever my admin account is in. I need to restrict it. Is this even possible with Terraform right now? Do I have to hit the /api/v2/oauth/clients/{id} endpoint manually after the resource is created to patch in the division IDs? Or is there a separate resource I’m missing? I don’t want to manage this via the UI if I can help it. Anyone get this working?