What are the steps and info on creating & using JWT token ?
RingCentral API documentation is the worst documentation by a major company that I have ever encountered. So many circular references and ambiguous language, it is so frustrating to try to figure out how this shit works! Can't RC hire a competent documentation writer?
For example, this is a direct quote from a documentation page: "The key to groking how RingCentral uses JWTs is in understanding that JWTs are not used directly to call the API."
WTF is "groking"?
We are trying to figure out this JWT Authentication workflow, which, to restate my frustration, makes no sense. Documentation states that the JWT has to be created by a user, but only users who have access to the Dev Console can create JWT. How, then, are we supposed to create JWT for the other users? In the Password Flow, we have to provide username and password to authenticate the user and obtain a token for that user, but in JWT there is no way to identify which user is requesting the token. I cannot find any information about how this is handled.
@Tom - thank you for your feedback. I understand how things can be frustrating at times, but in the future I kindly ask that you not use profane language. I am the author of much of our documentation, so will do my best to answer your questions.
For example, this is a direct quote from a documentation page: "The key to groking how RingCentral uses JWTs is in understanding that JWTs are not used directly to call the API."
WTF is "groking"?
The term "grok" is perhaps an obscure literary reference from Robert A. Heinlein's Stranger in a Strange Land. A great book even if it is a little dated. He coined the term, but hackers began using it long ago. From the Hacker's Dictionary:
To understand. Connotes intimate and exhaustive knowledge. When you claim to 'grok' some knowledge or technique, you are asserting that you have not merely learned it in a detached instrumental way but that it has become part of you, part of your identity.
Writing documentation, much less reading it, can sometimes be droll. That is why I at times try to introduce some levity or frivolity in my docs. Just to keep things interesting.
Moving on. Regarding your frustration about creating JWT tokens... your concern has been raised by others as well, and we have tried to adapt our documentation to address what I perceive as a fundamental misunderstanding of what problems JWT is optimized to solve.
I tried to capture that in a recent article I posted to the community to guide them in migrating away from password auth. The hard part is not the coding - it is selecting the best auth methodology. If a developer encounters the feeling, "OMG, how can I possible create JWTs for all the user's of my app?" Then chances are you have selected the wrong auth method. JWT is not designed for authing many different users. It is optimized for apps that need to collect a small and finite number of credentials to operate properly in the background. If you need to have many individual users auth, I strongly recommend you use the authorization code flow, a.k.a. "OAuth."
Thank you for your question. I hope this helps.
That's great, but how do we create JWT tokens for all of our users? And our customers' users? Why isn't there an automated way or an API to do this?
How to use JWT is documented in great detail with our Developer Guide. I will refer you to the following resources to learning how JWT works on a variety of different levels.
Here is a page from our getting started section which walks you through the process of creating an JWT credential.
Once a credential has been created, the JWT Quick Start guide in our Authentication section covers how to use it within your code.
Finally, for a detailed walk-through of JWT, in case you need to implement the protocol in your own home-grown SDK can be found here: https://developers.ringcentral.com/guide/authentication/jwt-flow
But there is one other thing that should be mentioned given comments below: please make sure JWT is the best auth method for your application. JWT is designed for server-to-server auth. And while you can use it in other use cases, it was not designed for them, and therefore may have unintended consequences -- like creating the challenge of collecting and managing tons of JWT credentials on behalf of users. If you find yourself in this situation, you are encouraged to look more closely at the authorization code flow.
A new Community is coming to RingCentral!
Posts are currently read-only as we transition into our new platform.We thank you for your patience
during this downtime.
Try Workflow Builder
Did you know you can easily automate tasks like responding to SMS, team messages, and more? Plus it's included with RingCentral Video and RingEX plans!Try RingCentral Workflow Builder
