question

ron-george4104 avatar image
ron-george4104 asked Anirban edited

Issue with OAUTH flow

I am trying to use the OAUTH flow.


I am using the AppKey as my AuthId.


I am receiving this error:


errorCode" : "TokenInvalid", "message" : "Unparseable access token",



I have been posting to the restapi/oauth/authorize address both with and without credentials. WI am using my appkey and appsecret for credentials.


This is the content I am posting:


response_type=code&client_id=beFrA7oCT5uKbmD7Da3Xiw&redirect_uri=https%3A%2F%2Floancraft.net&state=block



Any thoughts on why I am receiving this TokenInvalid message?




developer sandbox
1 |1500 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

benjamin-dean avatar image
benjamin-dean answered
It means the token you are presenting to the /restapi/oauth/authorize endpoint is not in a valid format.

Here are several examples of how to use Authorization Flow in a variety of languages:  https://github.com/grokify/ringcentral-demos-oauth
Also, make sure your application is set to use "Authorization Flow".

Which language are you developing with please?
1 |1500 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Tyler Liu avatar image
Tyler Liu answered
You shouldn't post to /restapi/oauth/authorize, you should redirect user to that page instead. And user login RingCentral and authorize your app.   Ref:  https://github.com/ringcentral/ringcentral-csharp-client/blob/master/RingCentral/RestClient.cs#L144

Once user authorized your app, the page will be redirected to your own page, where you can get an autoCode and post to /restapi/oauth/token to get access_token.  Ref:  https://github.com/ringcentral/ringcentral-csharp-client/blob/master/RingCentral/RestClient.cs#L169
1 |1500 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

paritosh-gupta6947 avatar image
paritosh-gupta6947 answered
Hello
I trying to use RingCentral in my app.
So I followed  http://ringcentral-api-docs.readthedocs.io/en/latest/oauth/#authorization-code-flow and I can login with RingCentral Login PopUp but popup doesn't close after login.
And Auth code is returned in PopUp Modal so I can't get the auth code in my app(main browser).
And then How can I get the access token from auth code?
I called the API( https://platform.devtest.ringcentral.com/restapi/oauth/token) with returned code but it says "error": "invalid_client".

please help me.
1 |1500 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

ak avatar image
ak answered
Question: So I followed  http://ringcentral-api-docs.readthedocs.io/en/latest/oauth/#authorization-code-flow and I can login with RingCentral Login PopUp but popup doesn't close after login.

AK: Could you please post the redirect code that you are using? By that I mean the code where you have implemented the popup. 

Question: I called the API( https://platform.devtest.ringcentral.com/restapi/oauth/token) with returned code but it says "error": "invalid_client".

AK: Could you please make sure the HTTP request headers and the Body resemble the one given here:  Get Token


Steps to Authorize using the OAuth2.0 
  1. Redirect the user to the Login Popup Page and once you receive the authorization code you would be redirected to your Original Page.
  2. Use the Auth Code to exchange for tokens ( access token/refresh token )  Get Token

We have a sample demo which you could refer to for:

1 |1500 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Anirban avatar image
Anirban answered Anirban edited

The Authorization Code Flow, also referred to as a "3-legged authorization flow," is the most recommended approach of authenticating RingCentral users and every public apps follow this process.

It exchange to code token with access token.

Here is complete official docs with steps helps user to follow and understand the process:

https://developers.ringcentral.com/guide/authentication/auth-code-flow

Sample request:

POST /restapi/oauth/token
Accept: application/json 
Content-Type: application/x-www-form-urlencoded 
Authorization: Basic cmVsLWFsbC1wZXJtaXNzaWXFjMmpRZmlQcnlkSUkweE92QQ==code=U0pDMTFQMDFQQVMwMXxBQUJfTVpHWk5lM29zNVFmWnNHQ01MSmJuMHJmNGlRcnRaeEptTWlPS0MzUTdYRDdSTURiaHBuWHZINGM2WTdqaWlBOEVhRHNxRWdJVUNYQjd4dmJsWHJoVVlWQVN2SFo2YWJPanJsRkFWZk9SMm5lek0tWnF5d3h8C3AnYOPxO0flEwO6Ffoq9Tlqs1s&grant_type=authorization_code&redirect_uri=https%3A%2F%2Fmyapp.acme.com%2Foauth2redirect              

Hope this will help

1 |1500 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Developer sandbox tools

Using the RingCentral Phone for Desktop, you can dial or receive test calls, send and receive test SMS or Fax messages in your sandbox environment.

Download RingCentral Phone for Desktop:

Tip: switch to the "sandbox mode" before logging in the app:

  • On MacOS: press "fn + command + f2" keys
  • On Windows: press "Ctrl + F2" keys