yash-patel asked ·

OAuth2 Authorization Flow Issue

Hi,

I am trying to use a three-legged authorization flow to authenticate a user in my application. However, I am having an issue in the first step, requesting an authorization code:

I try to make a POST request to https://platform.devtest.ringcentral.com/restapi/oauth/authorize with response_type: code, client_id: APP_KEY, and redirect_uri: URL and I get a 405, method not supported.

What am I doing wrong?

John Wang answered ·
For the Authorization Code flow, the user's browser must be redirected to the authorize URI. You should not POST to the URI either in your backend server code or in your browser code.

What language are you using?

We have demo apps in multiple languages here:

https://github.com/grokify/ringcentral-demos-oauth

Demos are available in C#, JavaScript (client and server-side), PHP, Python, and Ruby.

In the demos, the URL is generated by the SDK or the example code, and loaded into client-side JavaScript which opens a new window to the authorize URL. You can see an example of this here:

https://github.com/grokify/ringcentral-demos-oauth/blob/master/javascript-express/views/index.mustac...

anton-nikitin answered ·
According to the OAuth 2.0 spec, you should use the GET method, not POST. I believe this is the reason for the error you are getting. But I agree with John, you should try out our SDK if you find one for your language.

yash-patel answered ·
The demo was really helpful for a sample on how to implement using JavaScript... HOWEVER, in the demo, I am able to log in successfully and after I click the authorize button, I receive a "DOMException: Blocked a frame with origin "http://127.0.0.1:8080" from accessing a cross-origin frame" message in the console window and the popup window stays open...

What is going on here? The expected result would be to see the access token in the original window. Any solutions?

ak answered ·
The "DOMException: Blocked a frame with origin "http://127.0.0.1:8080" from accessing a cross-origin frame" is due to the Same-origin security policy, as the original window is trying to access the popup window, which is enabled in a different origin (https).

You are right. The moment you provide your credentials on the popup window, the token information would be passed to the original window in the Demo app. However, if the popup window stays open, I would make sure that Line 38 and Line 42 are not commented out within index.html.

If you wish to preview the Demo using TLS option, kindly take a look at the javascript-express folder.
https://github.com/grokify/ringcentral-demos-oauth/tree/master/javascript-express

Anirban Sen Chowdhary answered ·

When you get HTTP 405, method not supported, that means your HTTP method for calling the API is not correct.

Generally https://platform.devtest.ringcentral.com/restapi/oauth/authorize is a GET method used in the browser to get a code and exchange it for a token. If you are using POST, you are expected to get that issue.
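
The flow discussed in this thread, as an added example that is not part of any answer above and is not code from the RingCentral demos: the authorize URL is built for a browser GET, the opener treats the cross-origin DOMException as "popup not back yet", and the callback is validated before the code is used. The function names, the `/callback` path used in testing, and the use of the standard OAuth 2.0 `state` and `error` parameters are assumptions.

```javascript
// Added example; everything except the endpoint and the three parameters from the question is assumed.
const AUTHORIZE_URI = 'https://platform.devtest.ringcentral.com/restapi/oauth/authorize';

// Unguessable per-login value (Web Crypto: browsers, Node 20+); keep it until the callback arrives.
function newState() {
  const bytes = globalThis.crypto.getRandomValues(new Uint8Array(16));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
}

// URL the user's browser navigates to with a GET; nothing is POSTed to the endpoint.
function buildAuthorizeUrl({ clientId, redirectUri, state }) {
  if (!clientId || !redirectUri || !state) throw new Error('clientId, redirectUri and state are required');
  const url = new URL(AUTHORIZE_URI);
  url.search = new URLSearchParams({
    response_type: 'code', client_id: clientId, redirect_uri: redirectUri, state,
  }).toString();
  return url.toString();
}

// Opener-side poll of the login popup. While the popup is on the provider's origin,
// reading popup.location throws the cross-origin DOMException; that means "not back yet".
function readPopupUrl(popup) {
  if (!popup || popup.closed) return { done: true, url: null };
  try {
    const href = popup.location.href;
    if (!href || href === 'about:blank') return { done: false, url: null };
    return { done: true, url: href };
  } catch (err) {
    return { done: false, url: null }; // still cross-origin
  }
}

// Validate the redirect back to redirect_uri before using the code.
function parseCallback(callbackUrl, { redirectUri, expectedState }) {
  const got = new URL(callbackUrl);
  const want = new URL(redirectUri);
  if (got.origin !== want.origin || got.pathname !== want.pathname) {
    return { ok: false, reason: 'unexpected_redirect_target' };
  }
  const q = got.searchParams;
  // A response that does not carry the state issued for this login is rejected outright.
  if (!expectedState || q.get('state') !== expectedState) return { ok: false, reason: 'state_mismatch' };
  if (q.has('error')) return { ok: false, reason: q.get('error') };
  const code = q.get('code');
  return code ? { ok: true, code } : { ok: false, reason: 'missing_code' };
}
```

In the opener, call `readPopupUrl` on a timer, pass the returned URL to `parseCallback`, and close the popup once `done` is true.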
