Changing Environments

Paul Hermans

I need some help understanding. What I am trying to do is to login using my developer account (let's call it useraccount_1), connect to the testing cohort and then when I know it is working, reauthenticte using my actual workplace account where there is the data i need to access (let's call it useraccount_2).

The issue is not getting authorization, that is all working fine. The issue is that when I 1st request authorization BB asks me to login which I do using useraccount_1 and then recieve credentials for the testing environment.

However, when I try to request authorization again (not a renewal) it still thinks I want to do it using useraccount_1 which does not have access to the environment I want. I see no way to logout of useraccount_1 and then let me login using useraccount_2 other than to in a seperate browser go to a BB site like the developer community, and then logout. Then go to the authorize page and login with account_2.

Maybe I am doing something wrong, or just misunderstanding, but it seems crazy that I can not simply logout on the page that is asking me to authorize an app.

The ideal scenario would be to add a parameter or something to the request that would FORCE me to re-login in order to authorize.

Thanks in advance for any help you can provide.

Ben Lambert

Hi @Paul Hermans,

This is actually working as designed (*but read on...) - the OAuth authorization page (like the SKY Developer portal, the Raiser's Edge NXT web app, and other Blackbaud pages you might encounter along the way) detects that you're already signed in with a Blackbaud ID. All of these pages federate together and are context aware of whether you're signed in or not.

I remember some discussion about whether we ought to add a "Sign out" link on the OAuth page so you could do as you described and sign out as useraccount_1 and then sign in as authaccounbt_2. At the time, we decided to not implement that feature given other pressing needs and also because such a feature would result in signing you out of *all* pages (across all systems that use Blackbaud ID), and we thought that might be more of a hassle and an undesirable side effect.

The workaround is to do exactly as you've described and use a different browser (or incognito/private mode) to test your second account, or to visit a page that does allow you to sign out (globally) before testing your second account.

*Admittedly it's not the best experience and one can certainly envision ways to improve it (showing the omnibar, or a slimmed down version just containing a sign out button, and/or allowing a FORCE parameter on the OAuth page, etc.). So your feedback is valid and I'd recommend filing this in the Idea Bank (at https://developer.blackbaud.com/skyapi/support/ideas) so Blackbaud might consider implementing this in the future.

Paul Hermans

@Ben Lambert
Thanks Ben, dissapointing, but at least I know I am not missing something :-)

For some reason Google Chrome has incognito window blocked, so I tried guest mode which they say is the same, but it didn't work. Argh!

I will just open a new window and logout somehow.

Paul Hermans

@Ben Lambert
Now I am trying simply to give a url that a user can click on to logout. That seems to be a challenge because when I am using my developer account I am logged in to the Developer pages…..but apparently that is different than other pages but not all pages. What a mess.

Is there a simple way to just logout? How do I know what url the user should go to to logout? I am fine going to a page that has logout on it, but then what blanking page is that?

Ben Lambert

@Paul Hermans

Try using the /sign-out link that the omnibar uses - if you click on your avatar in the upper right of the omnibar and hover over “Sign out” text you'll see it uses the following URL:

[…and in case it helps remove some confusion…note that there are multiple user personas in play here. Your SKY Developer account (attached to your Blackbaud ID) doesn't give you any Blackbaud application access. It allows you to access the developer portal of course, view your API keys, surf the documentation, and register SKY applications (i.e., OAuth clients of the API). But in order to access any of Blackbaud's applications (RENXT, FENXT, Education Management, etc.), you have to be invited as an end-user (which is also attached to your Blackbaud ID). This allows an administrator (also an end-user at a Blackbaud customer organization), to control what level of access you have within the application. By having everything attached to your Blackbaud ID, you only have to sign in once - so it's convenient when you're navigating between the developer portal and any given Blackbaud product. A side effect of that is, it can sometimes be confusing when you (as a developer) wear multiple hats and need to access a application as an end-user]

Hope all of this info helps - make sure you're giving Blackbaud feedback on any aspect of the developer experience that you find confusing!

Michael Panagos

@Paul Hermans
I'm not 100% sure what you are trying to log in to, so this response might be a little off. For my integrations, I have a “clear the WebView cache” switch that is used when I need to reauthenticate with a clean browser. But it sounds like you are just using your default web browser and not an app to log in.

Anyway, this might only help in some circumstances, but if you use Microsoft Edge, you can have it open links in specific browser profiles by URL, domain, etc. So, if your browser opens a specific link, it will automatically switch it to the correct profile. This is available under Edge Settings > Profiles > Profile Preferences.

Paul Hermans

@Ben Lambert

Once again you are super helpful - Thank you! I don't think that I had fully processed what the implications of having a developer account and an end user account were, and I didn't see that link but it seems to be just what I need. It is coming along (slowly) and might be an interesting study in how not to learn a new api :-) but I really appreciate your help so far.