R N avatar image
R N asked Phong Vu commented

auth code flow - OAuth2::Error: invalid_client: Client authentication is required

Hi, I am using the standard ruby ringcentral sdk Here is how I am trying to authenticate a user using the auth code flow.

Step 1

       @client ||= do |config|
         config.server_url = RingCentralSdk::RC_SERVER_SANDBOX
         config.app_key = "client_id"
         config.app_secret = "client_secret"
         config.redirect_url= "redirect_url"

Step 2 I provide my consent using a browser with url @client.authorize_url

Step 3. I copy the code returned by the api and try to exchange it with a token like so

  token = @client.authorize_code(code)

No matter what I do, I always get this error

   "error" : "invalid_client",
   "errors" : [ {
     "errorCode" : "OAU-123",
     "message" : "Client authentication is required"
   } ],
   "error_description" : "Client authentication is required"

Here are my Ringcentral app settings

App Type: - REST API App (most common)

Auth: - 3-legged OAuth flow authorization code, - Server-side web app

App permissions: - VoIP Calling

Who will be authorized to access your app? - This app is public and will be callable via any RingCentral customer.

What brand partners are available? - Make available to all current and future RingCentral carrier and brand partners(recommended)

I have even done several combinations of these settings to no luck

1 |3000

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Byrne Reese avatar image
Byrne Reese answered R N commented

I believe you are seeing this error message because when you exchange the auth code for an access token you need to present an HTTP Authorization header that base64 encodes your client id and secret. See here:

Please let me know if this successfully resolves the problem you are seeing!

1 |3000

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Here are some other resources that may also be at the root cause of your issue: *

0 Likes 0 ·

Thanks Byrne for the answer However here I am using the Ringcentral SDK for authorization and exchanging the code with token. Given that it is the official library of RingCentral, I assume it should add the proper headers. I confirmed that it does by digging into the code. Here is an excerpt from the GitHub repo

 def autorization_header
   @token != nil ? "Bearer #{@token['access_token']}" : "Basic #{basic_key}"
0 Likes 0 ·
Phong Vu avatar image
Phong Vu answered Phong Vu commented

You said that you are using the RingCentral Ruby SDK, but you did not show how you call the SDK authorize method.

What is inside this method? It is not part of the SDK methods.

 token = @client.authorize_code(code)

Anyway, here is an example how to authenticate a user using 3-legged authorization using the RingCentral Ruby SDK.

1 |3000

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

@Phong Vu authorise_code is a part of the sdk. And in theory it does exactly what it is suppose to do. Which is to send request with proper payload and headers, and fetch tokens.

Here is the documentation: Authorization

0 Likes 0 ·

You are using one of the old/unofficial SDKs and it is not maintained by RingCentral. Use the one in the link I post above.

0 Likes 0 ·

Developer sandbox tools

Using the RingCentral Phone for Desktop, you can dial or receive test calls, send and receive test SMS or Fax messages in your sandbox environment.

Download RingCentral Phone for Desktop:

Tip: switch to the "sandbox mode" before logging in the app:

  • On MacOS: press "fn + command + f2" keys
  • On Windows: press "Ctrl + F2" keys