I hate to do this but while my sandbox app has met ringCentral's requirements for graduation, it hasn't met mine.
Somewhere in the app, it understandably performs the password flow auth.
The problem is I don't know where or when this is happening.
I would love to get the headers and parameters required so that I can generate what I think is simple code myself. This also means that if something goes wrong in the future, I have a much better chance of diagnosing the issue and fixing it quickly.
I can mimic the http request below as long as I know which value to use in place of <some long unidentified string>
POST /restapi/oauth/token HTTP/1.1
Accept: application/json
Content-Type: application/x-www-form-urlencoded
Authorization: Basic <some long unidentified string>
grant_type=password&username=<username>&extension=<simpleextension ie: 101>&password=<password>