Skip to main content

oAuth2 callbacks should have a state variable within them to verify the callback.

/?state=xyz&code=123

However, when we click the "Add to Glip" button no state is passed. The callback URL looks like this:

code=123&client_id=XXXXXcreator_account_id=1234567890&creator_extension_id=0987654321

Another problem is that as the callback does not occur in user's browser, we lost all kind of cookies/sessions. We have no idea who is the user clicking the "Add to Glip" button.

There is no state. But there is a Verification-Token in header which you can verify that the request is indeed from RingCentral.

After you click that button, a bot user is created. When you get the token there is a owner_id property and that is the bot user's id. So it doesn't matter who clicked that button because the token is the newly created bot user's token.

I am not an expert either. We can discuss.
Thanks Tyler,

While connecting Glip to our app, we need to know the person who clicked the button. This is required to keep the user experience seamless. Is there any way to get this information in callback?

Reply


Terms & ConditionsCookie settings