question

vanillasoft-. avatar image
vanillasoft-. asked ·

Authorize URI for Different Users, Same Browser

I have integrated the RingCentral 3-legged OAuth flow in my application, but I am facing a problem. I am using the Official C# SDK.

1. UserA is asked to enter his credentials in a RingCentral branded pop-up window.
2. UserA is asked to Authorize the application.
3. UserA is authenticated.

4. When user logs out of my application, I call Platform.Logout().

5. UserB logs into my application, and initiate the Authorization flow, instead of going to step1 above, my user is taken to step2.


If I realize step 5 using a different browser, the user goes to step1 as expected. 

How can I "reset" that RingCentral authorization window, so it always ask for login/username ??

Thank you.

topic-default
1 |1000 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

6 Answers

· Write an Answer
anton-nikitin avatar image
anton-nikitin answered ·
You can try to delete browser cookies for *. ringcentral.com. It should help.
Can you do it programmatically after you call Logout?

Anton 
Share
1 |1000 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

vanillasoft-. avatar image
vanillasoft-. answered ·
Hi.

I don't think it is possible to delete cookies for a different domain.


Share
1 |1000 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

benjamin-dean avatar image
benjamin-dean answered ·
Are you destroying the session upon logout?
Share
1 |1000 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

shawn avatar image
shawn answered ·
Is there any update on this? It doesn't look like it's possible to clear cookies for a different domain as they said. BTW, this is the same issue as this: RingCentral 3-Legged OAuth Does Not Prompt For Login Every Time -- and there's no solution there yet either
Share
1 |1000 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

anton-nikitin avatar image
anton-nikitin answered ·
Shawn, there are the following options to solve this I assume.
  • To have an API which forces logout if there is an authenticated session so that next oauth/authorize call will show credentials prompt
  • To have a parameter in oauth/authorize call to force it showing credentials prompt regardless of authenticated session presence
  • To have UI option to confirm or logout current user as a part of regular oauth/authorize flow
Can you advise if you are looking for particular option or any of them will satisfy your needs?
Share
1 |1000 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

matt-spinks avatar image
matt-spinks answered ·
I'm trying to find a solution for the same issue. Any one of these options would do. Have any of these been implemented?
3 comments Share
1 |1000 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

anton-nikitin avatar image anton-nikitin ·
We are working on implementation  to support such scenarios in a standard way. In the mean time try to use the following undocumented hack: add "force=true" parameter in query string when you call OAuth authorize. It will force logon screen to be shown every time.
0 Likes 0 · ·
matt-spinks avatar image matt-spinks ·
Thanks! I'll give it a shot.
0 Likes 0 · ·
matt-spinks avatar image matt-spinks ·
Using "force=true" in my param query did the trick. Thanks!
1 Like 1 · ·

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.