Skip to main content
To homepage To homepage

I’m using the 3-legged OAuth flow (Authorization Code → Server-side web) to allow users to log in to the dashboard. However, the embedded Web Phone requires users to re-authenticate.

I tried using JWT authorization for the embedded Web Phone but received the following error:

POST https://platform.ringcentral.com/restapi/v1.0/client-info/sip-provision 403  
Error: In order to call this API endpoint, application needs to have [VoipCalling] permission

Since the authorization code is already used during sign-in, can I reuse the existing access token to authenticate the Web Phone within the iframe? Or is there another way to enable single sign-on for both the dashboard and the embedded Web Phone without requiring users to re-authenticate?

The issue you described does not match the error you provided. So please double check if your app has the missing app scope.

For authentication, I don’t know what is your dashboard and how it’s linked to the Web Phone. But in general, after authentication, you will get the access token and the refresh token and you can use the tokens wherever you want, provided that you know how to share the tokens.

apologies if my earlier message lacked detail.

I’m using the following URL for the embedded Web Phone:
https://apps.ringcentral.com/integration/ringcentral-embeddable/latest/app.html?clientId=...
along with the clientSecret and JWT, but I’m encountering the same 403 error:

 

Here’s our current setup:

  • Users log in to our app through the 3-legged OAuth flow (restapi/oauth/authorize) to obtain the auth_code.

  • We exchange that for an access token and a refresh token.

My question: since we already have the access token and refresh token, can we authenticate the embedded iframe (Web Phone) directly using those, without requiring the user to log in again?

Or any other way to achieve it?

Well, the RingCentral embeddable is not the Web Phone. Let’s check with the expert ​@Embbnux1109171020 if that is doable.

Hi ​@Umair Dar From error message, it shows the client ID for JWT grant miss app scope “VoIP calling”. You can add that in RingCentral developer portal.

And can you share more about how you use RingCentral token in your server side service? For best practice to use RingCentral Embeddable and your own server side service is to create two client IDs for those two apps. But in your server side service, it uses RingCentral company API with admin token.

So full workflow is:

A RingCentral admin user authorize RingCentral in your service side web with client ID A. Then you can use the admin token to fetch full company’s calls data, create webhook for full company. 

Other users authorize in Embeddable widget with 3-legs auth with client ID B. Then those users make calls in Embeddable widget.

Hey ​@Embbnux , hope you’re doing well.

Let’s set aside the JWT flow for now. We’re using the 3-legged OAuth flow for users to log in to our website. Once logged in, we load the RingCentral Embeddable Dialer widget within the site — however, users are prompted to re-login using the same 3-legged flow.

Is there a way to avoid this second login? Since we already have the user’s access token and refresh token from the initial sign-in, can we use those to authenticate the Embeddable Dialer widget directly?

Thanks.

Hi ​@Umair Dar Unfortunately not, token can’t be shared in two apps.  Once token is refreshed in a app, it will make another app broken. 

 

Terms & ConditionsCookie settingsAccessibility statement
PRODUCTS
RingEX
Message
Video
Phone
OPEN ECOSYSTEM
Developer Platform
APIs
Integrated Apps
App Gallery
Developer support
Games and rewards

RESOURCES
Resource center
Blog
Product Releases
Accessibility
QUICK LINKS
App Download
RingCentral App login
Admin Portal Login
Contact Sales
© 1999-2024 RingCentral, Inc. All rights reserved. Privacy Notice