To homepage To homepage
Question

Is client_id required in OAuth 2.0 authorization code flow - discrepancy in documentation

  • 10 August 2023
  • 1 reply
  • 93 views
T
  • tk-1
  • Participating Frequently
  • 6 replies

In the documentation for OAuth 2.0 authorization code flow there seems to be a discrepancy: https://developers.ringcentral.com/guide/authentication/auth-code-flow

In Step 3 it states that client_id is a required parameter:

client_idstringRequired. Enter your application key (Production or Sandbox) here

But in the sample request provided few lines later it does not list this parameter. When we make a call without this parameter we get the accurate response from the API. Can we get a definitive answer about whether this parameter is required? I want to avoid putting a solution in place that will stop working once someone at RC discovers this gap.

Couple other discrepancies:

1. In Step 3 there is no mention of a header named "Accept", but the sample shows a header:

Accept: application/json

2. In "Step 3 : Auth token response" there is no mention of a return parameter "endpoint_id", but we are receiving a value for this parameter in the response body:

"endpoint_id": "e8kXbhD3Tl-G3QzAxait_"


Good documentation saves us hours of troubleshooting and potential issues down the road!

1 reply

Phong1426275020
Rank
Userlevel 1

Thanks for reporting the issue! I am sure that the author made a mistake. I will ask them to fix it.

To your question, the client_id (and the client_secret) is needed but it must be based64 encoded and set in the header (NOT in the body param as documented). Here is an example in PHP

$url = $_ENV["RC_SERVER_URL"] . "/restapi/oauth/token";
      $basic = $_ENV["RC_CLIENT_ID"] .":". $_ENV["RC_CLIENT_SECRET"];
      $headers = array (
              'Content-Type: application/x-www-form-urlencoded; charset=UTF-8',
              'Accept: application/json',
              'Authorization: Basic '.base64_encode($basic)
            );
      $body = http_build_query(array (
              'grant_type' => 'authorization_code',
              'code' => $code,
              'redirect_uri' => $_ENV["RC_REDIRECT_URL"]
            ));

The endpoint_id is just an extra id for developer to identify the tokens of an app. You can pass a valid unique value and get it back or you can omit then the server will send a system generated one.

Reply


Terms & ConditionsCookie settings
PRODUCTS
RingEX
Message
Video
Phone
OPEN ECOSYSTEM
Developer Platform
APIs
Integrated Apps
App Gallery
Developer support
Games and rewards

RESOURCES
Resource center
Blog
Product Releases
Accessibility
QUICK LINKS
App Download
RingCentral App login
Admin Portal Login
Contact Sales
© 1999-2024 RingCentral, Inc. All rights reserved. Privacy Notice