Skip to main content
To homepage To homepage

oAuth2 callbacks should have a state variable within them to verify the callback.

/?state=xyz&code=123

However, when we click the "Add to Glip" button no state is passed. The callback URL looks like this:

code=123&client_id=XXXXXcreator_account_id=1234567890&creator_extension_id=0987654321

Another problem is that as the callback does not occur in user's browser, we lost all kind of cookies/sessions. We have no idea who is the user clicking the "Add to Glip" button.

There is no state. But there is a Verification-Token in header which you can verify that the request is indeed from RingCentral.

After you click that button, a bot user is created. When you get the token there is a owner_id property and that is the bot user's id. So it doesn't matter who clicked that button because the token is the newly created bot user's token.

I am not an expert either. We can discuss.
Thanks Tyler,

While connecting Glip to our app, we need to know the person who clicked the button. This is required to keep the user experience seamless. Is there any way to get this information in callback?

Reply


Terms & ConditionsCookie settings
PRODUCTS
RingEX
Message
Video
Phone
OPEN ECOSYSTEM
Developer Platform
APIs
Integrated Apps
App Gallery
Developer support
Games and rewards

RESOURCES
Resource center
Blog
Product Releases
Accessibility
QUICK LINKS
App Download
RingCentral App login
Admin Portal Login
Contact Sales
© 1999-2024 RingCentral, Inc. All rights reserved. Privacy Notice