Getting Started     Knowledge Base     Community     User Manuals     Ideas
News & Announcements User Community Developer Community

Welcome to the RingCentral Community

Please note the community is currently under maintenance and is read-only.

Search
Make sure to review our Terms of Use and Community Guidelines.
  Please note the community is currently under maintenance and is read-only.
Home » Developers
Is there a way to have my app link (in the app gallery) go directly to the auth page?
Tags: authentication
Jul 24, 2017 at 3:12pm   •   5 replies  •  0 likes
matt-spinks

I currently have an app in the app gallery, and it links to a web page where users can log in and use my app for their account. I'm using the three-leg authorization flow for authorization. And for the most part, this works great.


However, I would like to make the experience better for my users. And I would also like to make sure I am implementing the three-leg auth flow correctly.


The most serious problem occurs when a user clicks on the link from the app gallery and is directed to my app page, and then, they have to leave their desk (before logging in) and the page just sits there for more than 20 minutes. We are validating to prevent cross-site forgery, and the session variable is gone if they try to log in after it has been sitting there for more than 20 minutes. When that happens, they have to go through the auth flow twice (after they return to their desk).


The second problem is that it just seems like too many clicks. The user clicks on the link in the app gallery, and is then shown a page where they have to click another button to log in. And then they go through the login flow process. Of course I can show some marketing messages on that page and such, but we already have that in the app gallery page. I don't want to bombard them with marketing.


The third problem occurs when they are using the app, and their session times out, and they have to log in again. When that happens, my app redirects them to the login page, from which, again, they have to click on "log in" again, and then they are taken to the RingCentral auth page. It would be nice to just neatly direct them straight to the RingCentral auth page.


I'm fairly new to the OAuth process, and I am not completely sure that I am implementing it correctly. is this type of flow normal? Am I just not thinking of it correctly? It seems like I might be missing something, since there is still the issue of the session cross-site forgery variable becoming stale.


Thanks for the help.

5 Answers
matt-spinks answered on Jul 26, 2017 at 1:42pm  
Thanks Tyler. This was exactly what I needed. I had tried redirecting to the url directly (similar to these examples) earlier on, but now I realize that I was not encoding all the params properly, and was receiving an error. That, combined with the docs, led me to believe that it was not supported. Thanks for the help!

 0
Tyler Liu answered on Jul 25, 2017 at 5:54pm  
In case you prefer a C# sample: https://github.com/ringcentral/ringcentral-demos-oauth/tree/master/csharp-nancy/csharp-client-nancy

 1
Tyler Liu answered on Jul 25, 2017 at 5:53pm  
As far as I can tell, a form is not mandatory. You can build the url and redirect user to that url and it just work. Maybe the doc is wrong, or it doesn't list all the content-types that it supports.

Example:
https://github.com/ringcentral/ringcentral-demos-oauth/blob/master/javascript-express/app.js#L48
https://github.com/ringcentral/ringcentral-demos-oauth/blob/master/javascript-express/views/index.mu...
https://github.com/ringcentral/ringcentral-demos-oauth/blob/master/javascript-express/views/index.mu...

Even a form is required, you should be able to auto populate that form and auto submit it.

 1
matt-spinks answered on Jul 25, 2017 at 7:11am  
Thanks Tyler. I appreciate the response. I would love to redirect my users directly to the RingCentral auth page. But I don't seem to be able to. According to the docs, when I redirect users (to the RingCentral auth page) for my app, I have to submit "response_type", "client_id", "redirect_uri", and "state" using "application/x-www-form-urlencoded" (http://ringcentral-api-docs.readthedocs.io/en/latest/oauth/#authorization-code-flow). And that seems to be at the core of the issue I'm having. 

In order to pass those variables in that manner, I have to put them in a form and have the user click the submit button. And that's the extra click I'm talking about. According to what I have read in the docs and what I have tried, the only way to properly go to the RingCentral auth page is by using the form. And the form works fine. It's just that I would like my users to not have to click the form to be redirected to the RingCentral auth page.

Surely I am missing something. Do you have any code examples of how this might be done without using a form and a submit button? And just to be clear, this is what I am currently doing: I redirect my users to a login page on my domain, which has this form:
            <form action="@Model.RingCentralAuthUrl" method="GET" class="login-bottom">                 <p>                     <input type="hidden" name="response_type" value="code" />                     <input type="hidden" name="client_id" value="Model.AppKey" />                     <input type="hidden" name="redirect_uri" value="@Model.RedirectUri" />                     <input type="hidden" name="state" value="@ViewBag.State" />                     <input type="hidden" name="ReturnUrl" value="@ViewBag.ReturnUrl" />                     <button type="submit" class="btn btn-primary">Click Here</button>                 </p>             </form>&nbsp;
And then they click on that button and are taken to the RingCentral auth page. If you could provide some sort of example where I don't have to have the user click the form, I would greatly appreciate it.
Thanks

Matt

 0
Tyler Liu answered on Jul 24, 2017 at 6:02pm  
If you have full control of your own app, you can redirect user directly to RingCentral auth page. When users arrive at your page, you check whether they have logged in or not. If not, redirect them to RingCentral auth page. Thus users don't need to click any button on your page(avoid the too many clicks issue).

The third problem occurs when they are using the app, and their session times out, and they have to log in again.
There is way to keep the session alive. You need to refresh it: https://developer.ringcentral.com/api-docs/latest/index.html#!#RefRefreshTokenFlow


 0



A new Community is coming to RingCentral!

Posts are currently read-only as we transition into our new platform.

We thank you for your patience
during this downtime.

Try Workflow Builder

Did you know you can easily automate tasks like responding to SMS, team messages, and more? Plus it's included with RingCentral Video and RingEX plans!

Try RingCentral Workflow Builder

PRODUCTS
RingEX
Message
Video
Phone
OPEN ECOSYSTEM
Developer Platform
APIs
Integrated Apps
App Gallery
Developer support
Games and rewards

RESOURCES
Resource center
Blog
Product Releases
Accessibility
QUICK LINKS
App Download
RingCentral App login
Admin Portal Login
Contact Sales
© 1999-2024 RingCentral, Inc. All rights reserved. Legal Privacy Notice Site Map Contact Us