question

Catie Sessions avatar image
Catie Sessions asked Catie Sessions answered

SSO, embeddable widget, and login-required

I'm working on using SSO with the embeddable widget. So far, I've gotten the OAuth process working through the PHP SDK, and can get an access_token, etc. for my sandbox application. But when I then load an Iframe with the embeddable app.html URL + authMode=sso + my sandbox appKey + appServer = https://platform.devtest.ringcentral.com, everything just redirects to https://ringcentral.github.io/ringcentral-embeddable/redirect.html#error=login_required

The application is not published, Platform Type = Browser-based, and has two OAuth Redirect URIs configured -- my callback endpoint for the OAuth process on the server, and the default embeddable redirect URI https://ringcentral.github.io/ringcentral-embeddable/redirect.html

Any ideas?

sdk
1 |1500 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Phong Vu avatar image
Phong Vu answered

Where did you find the instruction to put the authMode, client id etc.?

Can you just specify the configurations as shown in this page and log in. Hold on the SSO login for a while and just login with the user's phone number and password. If it works, then let's tackle the SSO later as you will need to enable SSO on your RingCentral account.


1 |1500 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Catie Sessions avatar image
Catie Sessions answered Phong Vu commented
1 comment
1 |1500 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Can you test with just user phone number and password to see if it works. Also login your sandbox account and check of your SSO is setup.

0 Likes 0 ·
Catie Sessions avatar image
Catie Sessions answered Catie Sessions edited

That Single Sign-on setting seems different than what I'm trying to accomplish? Perhaps I should start from the beginning.

We have an existing web application, we'd like to add the RingCentral Embeddable widget to it. We'd like to have the backend server and Embeddable both use the same authentication state.

Right now, we're using the PHP SDK to implement OAuth, and capture the authentication code from the callback, exchange it for a token, and store the token. This part follows the process laid out in

https://developers.ringcentral.com/guide/authentication/quick-start/authorization-flow/php

A later part of the application adds the Embeddable to the page using an iframe, using our appKey and the sandbox appServer in the source URL.

It mostly works, if I remove the authMode=sso parameter. But it also doesn't seem to share the authentication state between the two. After the authentication token expires normally, the server side can refresh using the refresh token, but the user has to sign in again through Embeddable separately.

Am I even on the right track for this?

1 |1500 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Embbnux Ji avatar image
Embbnux Ji answered

Hi Catie, just tried it. The feature doesn't work now. Seem the login page upgraded and this feature is not supported now.

Will investigate more and keep you updated.

1 |1500 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Catie Sessions avatar image
Catie Sessions answered

Sorry, any updates on this?

1 |1500 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Embbnux Ji avatar image
Embbnux Ji answered

Hi Catie, the feature is failed by security upgrading in RingCentral login page.

For now, I think we can build a RingCentral API proxy server, and set appServer of the Embeddable to this proxy server. The Embeddable can get RingCentral token, refresh token by this server and request RingCentral API by this proxy server. And the proxy server can share RingCentral token with your RingCentral backend app.

1 |1500 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Catie Sessions avatar image
Catie Sessions answered

Thanks for the update. What do we need to do on our end?

1 |1500 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Developer sandbox tools

Using the RingCentral Phone for Desktop, you can dial or receive test calls, send and receive test SMS or Fax messages in your sandbox environment.

Download RingCentral Phone for Desktop:

Tip: switch to the "sandbox mode" before logging in the app:

  • On MacOS: press "fn + command + f2" keys
  • On Windows: press "Ctrl + F2" keys