Question

Is it possible to create an Auth Code app without a physical login page - can it be done programmatically?

  • 16 December 2020
  • 3 replies
  • 826 views

Hi there

I need to create an app for using with Avaya Cloud Office. According to the documentation and when I create the app, I can only do this if my app is set up with "Auth Code" authentication, even though my app is only for members of my own organisation to use. I have created a working "private" app in the RingCentral Sandbox environment using password flow and my CRM, which I wrote, programmatically authenticates (no need for a physical login page or real person interaction; it is all automatic). This works perfectly using Password Flow.

However for my app to be graduated and migrated for use with Avaya Cloud Office I am only allowed to use Auth Code authentication (even though my app is private and only for members of my organisation to use) but from everything I have read and learnt "Auth Code" only works with a physical login page which requires a real person to physically interact and enter credentials into the login page. I need it all to work programmatically like it does with Password Flow. Please can anyone tell me if there is a way for an app using Auth Code to authenticate programmatically in a similar way that Password Flow does?


Or alternatively is it possible for me to simply use my private app which uses Password Flow authentication in Avaya Cloud Office (as it is only for members of my own organisation to use )?


Thank you very much for any help. I really appreciate it.

Matt


3 replies

The Authorization code grant_type is designed to involve a user so in that regard HTTP Client does the right thing with User's consent so it involve user's interaction everytime.

Authorization Code flow is meant to work with user interaction , that usually means logging into a web app that calls the API you are trying to authenticate into, and then consenting on the consent page.

refer:https://stackoverflow.com/questions/44338204/oauth2-authorize-with-no-user-interaction

https://stackoverflow.com/questions/56495738/retrieve-oauth-2-0-authorization-code-without-user-interaction

Ok thank you for your reply. In that case is there a way for me to use one admin user's login credentials for all my users in my web application to use on the login page, and also to set the token so it does not expire for 24 hours (once the user has logged in successfully)? I do not want my users having to login each time they want to access one call recording.

Thank you again for you r help.

@Anirban Just to add my private app is just for one user account to access. It is only for a member of our organisation to use. I really want to try and keep it as private (because only one account accesses it), graduate it, and make it access our production ACO (instead of RingCentral). We do not use RingCentral. Is this possible please?

Reply