
Understanding the benefits of 3-legged authorization, I want to include this in my app.


However, I don't need the JS SDK for any other area of the app, so I felt I could simply set up a popup window that passes the user on to the RC login screen to authenticate the app. However, there are no clear instructions on what this request URL should be, as all the examples include the JS SDK.


There was some explanation in the following PDF http://ringcentral.github.io/docs/RingCentral_OAuth-2.0_2015-10-08.pdf

that sort of hints that it should be a POST request.


So based on what I have read the URL should be (for testing)


https://platform.devtest.ringcentral.com/restapi/oauth/authorize


Then include response_type, redirect_uri (which must match the App's Redirect URIs), client_id, and prompt.


https://platform.devtest.ringcentral.com/restapi/oauth/authorize?response_type=code&redirect_uri=<REDIRECT_URI>&client_id=<APP_KEY>&prompt=login_consent


I did this by GET method, which returns me to my RedirectURI with the following parameters attached to the URL


&error=invalid_request&error_description=Parameter+[brandId]+is+invalid


Don't know if that is a response or what.


Then I tried it with POST method (as the PDF suggested that) and that returns with


Method Not Allowed.


What I did expect was the Login Screen as the blog post here describes (https://blog.ringcentral.com/2015/10/ringcentral-announces-3-legged-authorization-to-simplify-login-...)


Any help would be much appreciated.







Hello Ashley,

I understand your frustrations, and you will benefit from having the SDK on-hand as you work through 3-Legged Auth. Based on the fact that you are using the 'authorize()' method of the

You asked if the 3-legged Authorize URL you were using is correct, yes. That's the right one, and you have the right parameters from what I can tell in your message (and without seeing the actual HEADERs for the request you were using). Using version 2 of the JS SDK, here is how I addressed this:

```javascript
var authorizeURI = platform.authUrl({
    redirectUri: process.env.RC_APP_REDIRECT_URI,
    prompt: 'login consent',
    state: process.env.RC_APP_AUTH_STATE
});
// Open browser to authorizeURI (which should contain all the properly formatted queryString parameters in place)
window.open(authorizeURI, '_self', '');
// This should load the RingCentral Login window, which after successfully authenticating will ask for authorization/permission approval
window.close();
// At this point, the browser should redirect to GET your REDIRECT URL
// Verify parameters from the querystring (qs is the parsed query string of that request)
if (!qs.hasOwnProperty('code') || process.env.RC_APP_AUTH_STATE !== qs.state) {
    // throw or log an error
} else {
    // WATCH OUT FOR THIS HACKINESS, YOU HAVE TO RETRO-FIT 'redirectUri' because of bug in V2 of JS SDK
    qs.redirectUri = process.env.RC_APP_REDIRECT_URI;
    platform
        .login(qs)
        .then(function(data) {
            // In Node.js w/Express: res.render('yourViewName', );
            // In the client: window.location.assign('somePathToYourApp');
        });
}
```
If the application brand ID does not match the account brand ID, you will get the error you are seeing (and no, that's not the response). I've not experienced this, but I didn't supply 'brandId' 

You should include the "state" when fetching the authorization URI, set to a randomized key stored in your environment variables, for verification of inbound requests (that they are actually coming from RingCentral).

I have created this simple [Node.js demo application on Github](https://github.com/bdeanindy/ringcentral-demo) (and I stood up the 3-legged OAuth portion for you to view). Feel free to clone it and try it on your own Sandbox app.

We have some documentation here which provides more information that is helpful: http://ringcentral.github.io/tutorial/#login-via-3-legged-oauth
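
Added example, not part of the original thread and not RingCentral's code: the SDK-free flow discussed above, building the authorize URL for a plain browser GET and validating the redirect (including the `error` / `error_description` case from the question) before any code is exchanged. The function names and the `app.example` redirect in the test data are hypothetical, and generating a fresh `state` per login attempt is this example's choice.

```javascript
// Added example: 3-legged authorization without the SDK (browser or Node.js).
// Web Crypto is a global in browsers and current Node.js; older Node uses the fallback.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;

// Sandbox authorize endpoint quoted in the question above.
const AUTHORIZE_ENDPOINT =
  'https://platform.devtest.ringcentral.com/restapi/oauth/authorize';

// Fresh, unguessable state for each login attempt; keep it in the user's session.
function newState() {
  const bytes = webcrypto.getRandomValues(new Uint8Array(16));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
}

// The authorize step is a plain browser navigation (GET) to this URL.
function buildAuthorizeUrl({ clientId, redirectUri, state, prompt }) {
  const url = new URL(AUTHORIZE_ENDPOINT);
  url.search = new URLSearchParams({
    response_type: 'code',
    client_id: clientId,
    redirect_uri: redirectUri, // must match a Redirect URI registered for the app
    state,
    ...(prompt ? { prompt } : {}),
  }).toString();
  return url.toString();
}

// Compare two strings without stopping at the first differing character.
function sameString(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string' || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Validate the redirect back to the app before exchanging the code for tokens.
function parseCallback(callbackUrl, expectedState) {
  const q = new URL(callbackUrl).searchParams;
  if (q.has('error')) {
    return { ok: false, reason: q.get('error'), detail: q.get('error_description') };
  }
  if (!sameString(q.get('state'), expectedState)) {
    return { ok: false, reason: 'state_mismatch', detail: null };
  }
  const code = q.get('code');
  if (!code) return { ok: false, reason: 'missing_code', detail: null };
  return { ok: true, code };
}
```

Only a result with `ok: true` should reach the token exchange; everything else is logged and the login attempt discarded along with its stored state.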

I am also having an issue when using PHP for 3-legged. When I click the Authorize button on the login consent screen, I receive the following error:
"Authentication code cannot be obtained successfully for the given mailbox."