question

matt-spinks2179 avatar image
matt-spinks2179 asked matt-spinks2179 commented

Best Practices With OAuth and Multiple Processes

I'm looking for some guidance on how to handle multiple backend processes attempting to access the RingCentral api for the same account simultaneously. Each separate process runs independently, on a separate schedule, and has its own token refresh logic built in. For the most part, this all works well. But every once in a while I end up with a token that is "expired". The only way to resolve it is to have the user log back into our app so the token can refresh again.

This happens very infrequently, but often enough that it's an annoyance both to me and to the customers impacted. But it's infrequent enough that it's hard to track down the issue. I am suspicious that my two separate processes are colliding with each other, getting fired off at the same time, and the refreshed token in one process overrides the refreshed token in the other one, and the system ends up with an invalid token at the end. Is that a possibility?

What is the best way to handle this scenario?

Just a little background - the two processes run continuously, on separate schedules, and check the user's account for new data. One process runs every 5 minutes, and the other process runs every 2 minutes.

oauthoauth2
1 |3000

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Phong Vu avatar image
Phong Vu answered matt-spinks2179 commented

Hi Matt,

Sorry for the delayed response. Are you looking for solutions for password flow or OAuth authentication? There must be different approach for different authentication method. So let me know.

1 comment
1 |3000

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

matt-spinks2179 avatar image matt-spinks2179 commented ·

Sorry for the delay on this. I didn't realize I had a response here. We are using OAuth.

0 Likes 0 ·
Anirban avatar image
Anirban answered matt-spinks2179 commented

One way I can suggest is sharing the access token among multiple backend process. If you are using API calls in backend process with access token, which I am assuming, you can share that with the multiple calls. One of the way is using Caching the token for a particular period of time and using the token among different processes.

That will avoid colliding and overriding issue you are facing

1 comment
1 |3000

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

matt-spinks2179 avatar image matt-spinks2179 commented ·

Hi Anirban,

We are in fact sharing the token amongst all the different processes and resources. The problem that we encounter sometimes (very rarely) is that process 1 and process 2 fire off at the same time, after the token expires. Process 1 initiates a token refresh, and process 2 also initiates a token refresh at the same time. Process 1 might have fired off a little sooner than process 2, so process 2 has the latest and correct token. Ideally, the latest refresh should be saved last (process 2), and that should be fine. However, occasionally, process 1 might be delayed a few milliseconds. And so the result of the token refresh of process 1 gets saved last and over-writes the correct new token from process 2.

I'm looking for some general guidelines on how to handle this. It's rare when it happens. But it occasionally does (I think). Is there some sort of safeguard on the RingCentral side that ensures that results from multiple token refreshes are identical?

0 Likes 0 ·

Developer sandbox tools

Using the RingCentral Phone for Desktop, you can dial or receive test calls, send and receive test SMS or Fax messages in your sandbox environment.

Download RingCentral Phone for Desktop:

Tip: switch to the "sandbox mode" before logging in the app:

  • On MacOS: press "fn + command + f2" keys
  • On Windows: press "Ctrl + F2" keys