Getting Started     Knowledge Base     Community     User Manuals     Ideas
News & Announcements User Community Developer Community

Welcome to the RingCentral Community

Please note the community is currently under maintenance and is read-only.

Search
Make sure to review our Terms of Use and Community Guidelines.
  Please note the community is currently under maintenance and is read-only.
Home » Developers
Is client_id required in OAuth 2.0 authorization code flow - discrepancy in documentation
Tags: oauth2
Aug 10, 2023 at 2:41pm   •   1 replies  •  0 likes
Tom Kustura

In the documentation for OAuth 2.0 authorization code flow there seems to be a discrepancy: https://developers.ringcentral.com/guide/authentication/auth-code-flow

In Step 3 it states that client_id is a required parameter:

client_idstringRequired. Enter your application key (Production or Sandbox) here

But in the sample request provided few lines later it does not list this parameter. When we make a call without this parameter we get the accurate response from the API. Can we get a definitive answer about whether this parameter is required? I want to avoid putting a solution in place that will stop working once someone at RC discovers this gap.

Couple other discrepancies:

1. In Step 3 there is no mention of a header named "Accept", but the sample shows a header:

Accept: application/json

2. In "Step 3 : Auth token response" there is no mention of a return parameter "endpoint_id", but we are receiving a value for this parameter in the response body:

"endpoint_id" : "e8kXbhD3Tl-G3QzAxait_"


Good documentation saves us hours of troubleshooting and potential issues down the road!

1 Answer
Phong Vu answered on Aug 10, 2023 at 4:28pm  

Thanks for reporting the issue! I am sure that the author made a mistake. I will ask them to fix it.

To your question, the client_id (and the client_secret) is needed but it must be based64 encoded and set in the header (NOT in the body param as documented). Here is an example in PHP

$url = $_ENV["RC_SERVER_URL"] . "/restapi/oauth/token";
      $basic = $_ENV["RC_CLIENT_ID"] .":". $_ENV["RC_CLIENT_SECRET"];
      $headers = array (
              'Content-Type: application/x-www-form-urlencoded; charset=UTF-8',
              'Accept: application/json',
              'Authorization: Basic '.base64_encode($basic)
            );
      $body = http_build_query(array (
              'grant_type' => 'authorization_code',
              'code' => $code,
              'redirect_uri' => $_ENV["RC_REDIRECT_URL"]
            ));

The endpoint_id is just an extra id for developer to identify the tokens of an app. You can pass a valid unique value and get it back or you can omit then the server will send a system generated one.


 0



A new Community is coming to RingCentral!

Posts are currently read-only as we transition into our new platform.

We thank you for your patience
during this downtime.

Try Workflow Builder

Did you know you can easily automate tasks like responding to SMS, team messages, and more? Plus it's included with RingCentral Video and RingEX plans!

Try RingCentral Workflow Builder

PRODUCTS
RingEX
Message
Video
Phone
OPEN ECOSYSTEM
Developer Platform
APIs
Integrated Apps
App Gallery
Developer support
Games and rewards

RESOURCES
Resource center
Blog
Product Releases
Accessibility
QUICK LINKS
App Download
RingCentral App login
Admin Portal Login
Contact Sales
© 1999-2024 RingCentral, Inc. All rights reserved. Legal Privacy Notice Site Map Contact Us