hunter-steele9698 asked ·

Randomly getting OAU-142 - "Login to account in current state is not allowed" on token refresh

We have several clients that are utilizing RingCentral integration with our application. We refresh the OAuthToken using the RefreshToken once we see that the OAuthToken has expired (past its expiry date).

This seems to all work well and good for days, weeks, even months but sometimes the refresh process fails with the following error:

"error" : "invalid_grant",
"error_description" : "Login to account in current state is not allowed",
"errors" : [
  { "errorCode" : "OAU-142", "message" : "Login to account in current state is not allowed" }
]

My question is - what causes this error? I wish we could just ignore and try to refresh again, but all subsequent refreshes fail with error 'Token not found' because the old refresh token is invalidated. This means the clients need to re-authorize their credentials.

My question is what causes this initial "Login to account in current state is not allowed" error? And what can we do to prevent it?

Thank you.



Embbnux Ji answered ·
Hi, Hunter. Can you show how you get the token? The token refresh flow only works for tokens that were created by the authorization code flow and password flow grants.

Thanks

hunter-steele9698 answered ·
We use 'authorization code flow'.
A request is made to your authorization page, an authcode is redirected to our servers which then requests a token.

We followed the instructions from here:
http://ringcentral-api-docs.readthedocs.io/en/latest/oauth/#authorization-code-flow

As I said, this works fine and the token is refreshed correctly numerous times.
anton-nikitin answered ·
Hunter,

It happens if the customer account or extension state is changed so that the backend cannot allow this user to log in anymore. In reality it may correspond to the following situations:

* Customer account is cancelled
* Customer account is disabled
* Customer account is suspended because of inability to charge credit card on file
* User extension is disabled by administrator

The client app cannot do anything to prevent it - it is out of its control. The only thing which can and should be done is to properly handle such a condition - show the login form again. Once the end user tries to log in again, they will (most likely) be informed of what is causing the inability to sign in.
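
One way a client could act on the answer above, as an added example that is not part of the original thread and not RingCentral's own code: classify each refresh response so that `invalid_grant` (including OAU-142) drops the stored refresh token and sends the user back to login instead of retrying. The function and enum names, the HTTP 400 status, and the sample body (built from the error fields quoted in the question) are assumptions.

```python
import json
from dataclasses import dataclass
from enum import Enum

class Action(Enum):
    STORE_TOKENS = "store_tokens"  # refresh succeeded, persist the new token pair
    RETRY_LATER = "retry_later"    # transient failure, stored refresh token still usable
    REAUTHORIZE = "reauthorize"    # grant is dead, discard tokens and show login again
    ALERT = "alert"                # unexpected response, needs operator attention

@dataclass
class Decision:
    action: Action
    reason: str
    account_state_blocked: bool = False  # True only when OAU-142 is present

# Constructed sample: the error fields from the question, wrapped in an object.
SAMPLE_OAU142 = json.dumps({
    "error": "invalid_grant",
    "error_description": "Login to account in current state is not allowed",
    "errors": [{"errorCode": "OAU-142",
                "message": "Login to account in current state is not allowed"}],
})

def classify_refresh_response(status: int, body: str) -> Decision:
    """Decide what to do with a token-endpoint reply to a refresh request."""
    try:
        data = json.loads(body) if body else {}
    except json.JSONDecodeError:
        data = {}
    if not isinstance(data, dict):
        data = {}

    if status == 200 and "access_token" in data:
        return Decision(Action.STORE_TOKENS, "refresh succeeded")
    # Rate limiting and server errors say nothing about the grant: back off and retry.
    if status == 429 or status >= 500:
        return Decision(Action.RETRY_LATER, f"transient HTTP {status}")
    if data.get("error") == "invalid_grant":
        # invalid_grant (RFC 6749 section 5.2) is terminal for this refresh token;
        # retrying only produces further failures such as 'Token not found'.
        errors = data.get("errors") or []
        codes = {e.get("errorCode") for e in errors if isinstance(e, dict)}
        reason = data.get("error_description", "invalid_grant")
        return Decision(Action.REAUTHORIZE, reason, "OAU-142" in codes)
    return Decision(Action.ALERT, f"unexpected HTTP {status}")

if __name__ == "__main__":
    print(classify_refresh_response(400, SAMPLE_OAU142))
```
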