question

Aleksandar Misljenovic avatar image
Aleksandar Misljenovic asked Phong Vu answered

Is there any way to find out application scopes for which I have via clientId created JWT?

Hi,

I am currently working on a use case involving JWT (JSON Web Token) authentication. In this scenario, clients will generate JWTs for my application using a specific client ID of my application. A potential requirement we are considering is for clients to be aware of the permission scopes that have been enabled for my application.


Could you please advise if there is a mechanism available for users of my application to access this information regarding the permission scopes associated with the JWTs created via the client ID?


Best regards,

Aleksandar Misljenovic

ringcentral apppermissions
1 |3000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

1 Answer

Phong Vu avatar image
Phong Vu answered

If you want to list all the scopes of your application, you can grab them from the app settings by logging into your RingCentral developers portal and open the app settings page. Or you can generate your own JWT token and try to authenticate your app and check the token object to detect the list of app scopes. Here is a sample of a token object.

{
  access_token: 'xxxx',
  token_type: 'bearer',
  expires_in: 3600,
  refresh_token: 'yyyy',
  refresh_token_expires_in: 604800,
  scope: 'CallControl ReadContacts ReadAccounts EditPresence EditAccounts ReadMessages Faxes ReadPresence RingOut SMS',
  owner_id: '6228832xxxx',
  endpoint_id: 'nINYgVelRAW-'
}

However, some app scope is an umbrella and it might cover more features than what your app actually provides, e.g. with the "CallControl" scope your app can receive telephony session event notifications, it can answer a call, terminate a call or monitor a call programmatically etc.

Therefore, it's your responsibility to list the features (in descriptive words) that your app provides to your users. You can create the list based on the platform APIs your app would call.

1 |3000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Developer sandbox tools

Using the RingCentral Phone for Desktop, you can dial or receive test calls, send and receive test SMS or Fax messages in your sandbox environment.

Download RingCentral Phone for Desktop:

Tip: switch to the "sandbox mode" before logging in the app:

  • On MacOS: press "fn + command + f2" keys
  • On Windows: press "Ctrl + F2" keys