question

yash-patel2380 avatar image
yash-patel2380 asked Anirban answered

OAuth2 Authorization Flow Issue

Hi,


I am trying to use a three-legged authorization flow to authenticate a user in my application. However, I am having an issue in the first step, requesting an authorization code:


I try to make a POST request to https://platform.devtest.ringcentral.com/restapi/oauth/authorize with response_type: code, client_id: APP_KEY, and redirect_uri: URL and I get a 405, method not supported.


What am I doing wrong?

sdk
1 |3000

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

John Wang avatar image
John Wang Deactivated answered
For the Authorization Code, flow, the user's browser must be redirected to the authorize URI. You should not POST to the URI either in your backend server code or in your browser code.

What language are you using?

We have demo apps in multiple languages here:

https://github.com/grokify/ringcentral-demos-oauth

Demos are available in C#, JavaScript (client and server-side), PHP, Python, and Ruby.

In the demos, the URL is generated by the SDK or the example code, and loaded into client-side JavaScript which opens a new window to the authorize URL. You can see an example of this here:

https://github.com/grokify/ringcentral-demos-oauth/blob/master/javascript-express/views/index.mustac...
1 |3000

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

anton-nikitin avatar image
anton-nikitin answered
According to OAuth 2.0 spec you should use GET method, not POST. I believe this is the reason of the error you are getting. But I agree with John, you should try out our SDK if you find one for your language.
1 |3000

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

yash-patel2380 avatar image
yash-patel2380 answered
The demo was really helpful for a sample on how to implement using JavaScript... HOWEVER, in the demo, I am able to log in successfully and after I click the authorize button, I receive a "DOMException: Blocked a frame with origin " http://127.0.0.1:8080"; from accessing a cross-origin frame" message in the console window and the popup window stays open... 

What is going on here? The expected result would be to see the access token in the original window. Any solutions?
1 |3000

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

ak avatar image
ak answered
The " DOMException: Blocked a frame with origin " http://127.0.0.1:8080" ; from accessing a cross-origin frame" is due to the Same-origin security policy.

As the original window is trying to access the popup window which is enabled in a different origin ( https )

You are right. The moment you provide your credentials on the popup window, the token information  would be passed to the original window in the Demo app. However, if the popup window stays open, I would make sure to see the Line 38 and Line 42 is not commented within index.html

If you wish to preview the Demo using TLS option, kindly take a look at the javascript-express folder.
https://github.com/grokify/ringcentral-demos-oauth/tree/master/javascript-express
1 |3000

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Anirban avatar image
Anirban answered

When you get HTTP 405, method not supported that means your HTTP method for calling the API is not correct.

Generally https://platform.devtest.ringcentral.com/restapi/oauth/authorize is a GET method used in browser to get code and exchange it with token. If you are using POST, you are expected to get that issue

1 |3000

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Developer sandbox tools

Using the RingCentral Phone for Desktop, you can dial or receive test calls, send and receive test SMS or Fax messages in your sandbox environment.

Download RingCentral Phone for Desktop:

Tip: switch to the "sandbox mode" before logging in the app:

  • On MacOS: press "fn + command + f2" keys
  • On Windows: press "Ctrl + F2" keys