I want to avoid dual authentication for user

The issue you described does not match the error you provided. So please double check if your app has the missing app scope.

For authentication, I don’t know what is your dashboard and how it’s linked to the Web Phone. But in general, after authentication, you will get the access token and the refresh token and you can use the tokens wherever you want, provided that you know how to share the tokens.

apologies if my earlier message lacked detail.

I’m using the following URL for the embedded Web Phone:
https://apps.ringcentral.com/integration/ringcentral-embeddable/latest/app.html?clientId=...
along with the clientSecret and JWT, but I’m encountering the same 403 error:

 

Here’s our current setup:

• Users log in to our app through the 3-legged OAuth flow (restapi/oauth/authorize) to obtain the auth_code.

• We exchange that for an access token and a refresh token.

My question: since we already have the access token and refresh token, can we authenticate the embedded iframe (Web Phone) directly using those, without requiring the user to log in again?

Or any other way to achieve it?

Well, the RingCentral embeddable is not the Web Phone. Let’s check with the expert ​@Embbnux1109171020 if that is doable.

Hi ​@Umair Dar From error message, it shows the client ID for JWT grant miss app scope “VoIP calling”. You can add that in RingCentral developer portal.

And can you share more about how you use RingCentral token in your server side service? For best practice to use RingCentral Embeddable and your own server side service is to create two client IDs for those two apps. But in your server side service, it uses RingCentral company API with admin token.

So full workflow is:

A RingCentral admin user authorize RingCentral in your service side web with client ID A. Then you can use the admin token to fetch full company’s calls data, create webhook for full company. 

Other users authorize in Embeddable widget with 3-legs auth with client ID B. Then those users make calls in Embeddable widget.

Hey ​@Embbnux , hope you’re doing well.

Let’s set aside the JWT flow for now. We’re using the 3-legged OAuth flow for users to log in to our website. Once logged in, we load the RingCentral Embeddable Dialer widget within the site — however, users are prompted to re-login using the same 3-legged flow.

Is there a way to avoid this second login? Since we already have the user’s access token and refresh token from the initial sign-in, can we use those to authenticate the Embeddable Dialer widget directly?

Thanks.

Hi ​@Umair Dar Unfortunately not, token can’t be shared in two apps.  Once token is refreshed in a app, it will make another app broken.