Let me try to provide you details by breaking it down.
For Authorization your application needs to define the authentication type.
For example, if your application supports Password flow type authentication, you can easily get the access token in a single oauth call.
url: https://platform.devtest.ringcentral.com/restapi/oauth/token (in case of dev)
Method: POST
Body: username=+<your phone number>&password=<your password>&extension=101&grant_type=password
In response you will get the access_token and can use that to call all RingCentral APIs
If your application supports Authorization code which is also referred to as a "3-legged authorization flow"
You have to get the access_token in 2-3 steps
url: https://platform.devtest.ringcentral.com/restapi/oauth/authorize?response_type=code&redirect_uri=<your callback url>&client_id=<your client id>&display=page&prompt=
Now if for example your callback or redirect uri is https://www.getpostman.com/oauth2/callback then
then your Authorization flow first step will be:
url: https://platform.devtest.ringcentral.com/restapi/oauth/authorize?response_type=code&redirect_uri=https://www.getpostman.com/oauth2/callback&client_id=<your client id>&display=page&prompt=
Method: GET
Now this redirect uri should be also mentioned in your application in OAuth Redirect uri
Note: you can give any url you like, but it should be same here in the application config as well in Authorization flow url redirect_uri
"No redirect uri is registered for the client" can comes if the API dont find the same redirect uri in application defined.
Once you hit the Authorization flow url with GET method (in browser), the API will take you to the Authorization page view permission. You can see the permission which you mentioned in your question "I can't seem to identify how to specify permissions. "
You need to Authorize the application and browser is then redirected to the "Redirect URI" you’ve provided in the request. Some thing like this:
https://app.getpostman.com/oauth2/callback?code=<Your code>
Once you get this code in url, you can use this code to exchange access_token in next API call as below:
url: https://platform.devtest.ringcentral.com/restapi/oauth/token
Method: POST
Body: client_id=<your client id>&code=<the code you got in previous step in browser> &redirect_uri=https://www.getpostman.com/oauth2/callback&grant_type=authorization_code
And now you will get your access token
Your question on "API docs give a longer than usual list of parameters as form data parameters but specify that the auth request is to be a GET action, no POST parameters allowed. "
I have mentioned the steps, url and their method GET/POST. Hope you can now able to resolve any issue you are getting
@Anirban,
Thank you so much! This answers a lot and the thorough explanation is very helpful. One question about the 'password flow' then, because I think (it sounds like) I may have been getting docs mixed up between that and the three legged course.
For this integration anyway, it's for one specific app and only them, and it's only going to be for basic contact details to push into Infusionsoft (CRM/Marketing SaaS). So it sounds like I can just use that approach without any concern...or is there something I might be missing?
Thanks so much again, you're awesome!
Password flows are easy to implement. The application required user's credentials and the whole process can be done in single steps and very useful in private applications used with an organisation.
However for public application outside the organisation where there will be large number of users involved example web application or public webservice, Authorization flows are considered to be more secure as it will grant permission to user's account each time without exchanging user's credentials with 3rd party.
Which kind of Oauth grant type is suitable, you can check here: https://developers.ringcentral.com/guide/authentication