question

hunter-steele9698 avatar image
hunter-steele9698 asked anton-nikitin answered

Randomly getting OAU-142 - "Login to account in current state is not allowed" on token refresh

We have several clients that are utilizing RingCentral integration with our application. We refresh the OAuthTOken using the RefreshToken once we see that the OAuthToken has expired (past its expiry date).


This seems to all work well and good for days, weeks, even months but sometimes the refresh process fails with the following error:

"error" : "invalid_grant",
"error_description" : "Login to account in current state is not allowed",
"errors" : [

{ "errorCode" : "OAU-142", "message" : "Login to account in current state is not allowed" }

]

My question is - what causes this error? I wish we could just ignore and try to refresh again but all subsequent refreshes fail with error 'Token not found' because the old refresh token is invalidated. This means the clients need to re-authorize their credentials.

My question is what causes this initial "Login to account in current state is not allowed" error? And what can we do to prevent it?

Thank you.



oauth
1 |3000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

3 Answers

Embbnux Ji avatar image
Embbnux Ji answered
Hi, Hunter. Can you show how you get token. Token refresh flow only works for token that created by authorization code flow and password flow grant.

Thanks

1 |3000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

hunter-steele9698 avatar image
hunter-steele9698 answered
We use 'authorization code flow'.
A request is made to your authorization page, an authcode is redirected to our servers which then requests a token.

We followed the instructions from here:
http://ringcentral-api-docs.readthedocs.io/en/latest/oauth/#authorization-code-flow

As I said, this works fine and the token is refreshed correctly numerous times.
1 |3000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

anton-nikitin avatar image
anton-nikitin answered
Hunter,

it happened if Customer account or extension state is changed so that the backend cannot allow this user to log in anymore. In reality it may correspond to the following situation:

* Customer account is cancelled
* Customer account is disabled
* Customer account is suspended because of inability to charge credit card on file
* User extension is disabled by administrator

The client app cannot do anything to prevent it - it is out of its control. The only thing which can and should be done is to properly handle such condition - show login form again. Once end-user will try to login again it will be (most likely) informed of what is causing inability to sign in.
1 |3000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Developer sandbox tools

Using the RingCentral Phone for Desktop, you can dial or receive test calls, send and receive test SMS or Fax messages in your sandbox environment.

Download RingCentral Phone for Desktop:

Tip: switch to the "sandbox mode" before logging in the app:

  • On MacOS: press "fn + command + f2" keys
  • On Windows: press "Ctrl + F2" keys