question

Catie Sessions avatar image
Catie Sessions asked ·

SSO, embeddable widget, and login-required

I'm working on using SSO with the embeddable widget. So far, I've gotten the OAuth process working through the PHP SDK, and can get an access_token, etc. for my sandbox application. But when I then load an Iframe with the embeddable app.html URL + authMode=sso + my sandbox appKey + appServer = https://platform.devtest.ringcentral.com, everything just redirects to https://ringcentral.github.io/ringcentral-embeddable/redirect.html#error=login_required

The application is not published, Platform Type = Browser-based, and has two OAuth Redirect URIs configured -- my callback endpoint for the OAuth process on the server, and the default embeddable redirect URI https://ringcentral.github.io/ringcentral-embeddable/redirect.html

Any ideas?

embedded widgetssologin_required
1 |1000 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Phong Vu avatar image
Phong Vu answered ·

Where did you find the instruction to put the authMode, client id etc.?

Can you just specify the configurations as shown in this page and log in. Hold on the SSO login for a while and just login with the user's phone number and password. If it works, then let's tackle the SSO later as you will need to enable SSO on your RingCentral account.


Share
1 |1000 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Catie Sessions avatar image
Catie Sessions answered ·
1 comment Share
1 |1000 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Can you test with just user phone number and password to see if it works. Also login your sandbox account and check of your SSO is setup.

0 Likes 0 · ·
Catie Sessions avatar image
Catie Sessions answered ·

That Single Sign-on setting seems different than what I'm trying to accomplish? Perhaps I should start from the beginning.

We have an existing web application, we'd like to add the RingCentral Embeddable widget to it. We'd like to have the backend server and Embeddable both use the same authentication state.

Right now, we're using the PHP SDK to implement OAuth, and capture the authentication code from the callback, exchange it for a token, and store the token. This part follows the process laid out in

https://developers.ringcentral.com/guide/authentication/quick-start/authorization-flow/php

A later part of the application adds the Embeddable to the page using an iframe, using our appKey and the sandbox appServer in the source URL.

It mostly works, if I remove the authMode=sso parameter. But it also doesn't seem to share the authentication state between the two. After the authentication token expires normally, the server side can refresh using the refresh token, but the user has to sign in again through Embeddable separately.

Am I even on the right track for this?

Share
1 |1000 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Embbnux Ji avatar image
Embbnux Ji answered ·

Hi Catie, just tried it. The feature doesn't work now. Seem the login page upgraded and this feature is not supported now.

Will investigate more and keep you updated.

Share
1 |1000 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Catie Sessions avatar image
Catie Sessions answered ·

Sorry, any updates on this?

Share
1 |1000 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Embbnux Ji avatar image
Embbnux Ji answered ·

Hi Catie, the feature is failed by security upgrading in RingCentral login page.

For now, I think we can build a RingCentral API proxy server, and set appServer of the Embeddable to this proxy server. The Embeddable can get RingCentral token, refresh token by this server and request RingCentral API by this proxy server. And the proxy server can share RingCentral token with your RingCentral backend app.

Share
1 |1000 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Catie Sessions avatar image
Catie Sessions answered ·

Thanks for the update. What do we need to do on our end?

Share
1 |1000 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.