Byrne Reese avatar image
Byrne Reese posted

Announcement: end-of-life for implicit grant for OAuth

Dear RingCentral Developer Community,

Following the recommendations from the OAuth community, we will be working in the coming months to reduce and eventually eliminate support for the implicit grant type for OAuth, with a goal of completing the process by March 2023. The core reason for eliminating this authentication mode is to help improve the security of the apps operating on our platform.

Why are we making this change?

Using implicit grant, apps receive access tokens without an opportunity to authenticate themselves, which, in turn makes the apps vulnerable to various exploits, which can grant others access to their account data. We, along with the OAuth community, recommend developers switch their apps over to use the authorization code with PKCE, which addresses the shortcomings of the implicit grant protocol.

Who is affected by this change?

The good news is that only a small number of developers are affected by this change, and those impacted have already been contacted via email. Given the small number of those affected by this change, we won't discontinue support until we can safely transition those developers to PKCE. However, any apps not actively using this authentication method will have implicit grant explicitly disabled.

What do I need to do?

RingCentral recommends that all developers adopt PKCE as a way to harden their applications and improve security. If you are using implicit grant today, then adopting PKCE is required. RingCentral's SDKs have already been updated to support this protocol and you can find documentation in our Developer Guide to help you if you need assistance in making this transition.

We know changes like this can be disruptive, so we want to thank the developer community in helping us to make this important transition to better secure our network.

Sincerely, RingCentral Developer Support

1 |3000

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Developer sandbox tools

Using the RingCentral Phone for Desktop, you can dial or receive test calls, send and receive test SMS or Fax messages in your sandbox environment.

Download RingCentral Phone for Desktop:

Tip: switch to the "sandbox mode" before logging in the app:

  • On MacOS: press "fn + command + f2" keys
  • On Windows: press "Ctrl + F2" keys



ByrneReese contributed to this article