client authentication required (error: OAU-123)

Give me the app client id and show me the code (masked or remove sensitive info) where you handle the login, rather than showing just the response with error.

Hi ​@PhongVu 

This is my client id : dzJriPvo6b4evdw6QWz7G9

I’ve attached the screenshot of the complete request response along with the client ID. The response is showing an error, and we need your guidance on how to resolve it.

Please let me know if you require any additional details from our side. Kindly provide your solution at the earliest, as we are waiting to proceed further.

Thanks

Based on the screenshot, the body of the request is incorrect.

Here is the instruction:

The first step to authenticate a user using 3-legged authorization (code flow) is to get the “Code” by calling the /authorize endpoint with the following minimum parameters:

response_type=code

redirect_uri=””

client_id=””

In your case, it should be something like this

GET “https://platform.ringcentral.com/restapi/oauth/authorize?response_type=code&redirect_uri=https://www.integromat.com/oauth/cb/ringcentral&client_id=dzJriPvo6b4evdw6QWz7G9”

Then when you get the “code” sent by RingCentral to your redirect URI, use the code to exchange for the tokens by calling the /token endpoint with the following body and headers:

POST “https://platform.ringcentral.com/restapi/oauth/token”

headers:

Accept: application/json 

Content-type:    application/x-www-form-urlencoded
Authorization:    Basic + base64_encoded( Client ID + ":" Client Secret )

body:

{

'grant_type': 'authorization_code',
'code': “***”,
'redirect_uri': “redirect-uri”

}

In your case, it should be something like this

POST “https://platform.ringcentral.com/restapi/oauth/token”

{

  "body": {

    "grant_type": "authorization_code",

    "code": "***",

    "redirect_uri: ": "https://www.integromat.com/oauth/cb/ringcentral"

  },

  "headers": {

    "User-agent": "Make/production",

    "Accept": "application/json",

    "Content-type": "application/x-www-form-urlencoded",

    "Authorization": "Basic [base64_encoded]"

  }

}

Replace the [based64_encoded] string with the actual based64 encode!

based64_encoded = based64_encode ( "dzJriPvo6b4evdw6QWz7G9" + ":" + "app-client-secret")

Hope this helps.

BTW, are you the developer who implements the make.com and RingCentral integration?

Hi,

Yes, I am the developer implementing the Make.com and RingCentral integration.

Make.com directly calls the RingCentral API from their backend. My role was to provide the client ID and client secret from the RingCentral app; the rest is handled by Make.com on the backend.

The /authorize endpoint is working correctly and generates the authorization code as expected:

GET https://platform.ringcentral.com/restapi/oauth/authorize?response_type=code&redirect_uri=https://www.integromat.com/oauth/cb/ringcentral&client_id=dzJriPvo6b4evdw6QWz7G9

This returns the code, and once I authorize the app, it calls the /token API as intended.

Initially, I had selected “Server-side web app (most common)” under “From what type of app will you be calling the API?”. However, since Make.com runs the flow differently and I encountered issues in Postman related to JavaScript enablement, I updated the setting to “Client-side web app, e.g. SPA, JavaScript”.

With this change, the RingCentral app successfully connects in Make.com.

Please confirm if this is the correct configuration or if any further changes are required.

Thank you.

Then I think you are a developer who setups the integration configurations, not the developer who implemented the integration.

For the app type, it’s up to the developer who implements the authentication to choose the app type. That is the Make.com integration requirement, not RingCentral. If you need to verify this, you should contact Make.com to get the answer. But since it works, then I think it is the correct authentication type now.

As far as I know, Make.com has a default RingCentral public app that their customers can just use to authenticate their user (https://apps.make.com/ringcentral). They also allow customers to provide own RingCentral app and that is what you are setting up here. 

Based on the screenshot they provide in the page from the link above, I can see that the default app has many more app scopes that your private app does not have currently. You should check and update your app to make sure that it meets the integration requirements.