question

ron-george avatar image
ron-george asked ·

Issue with OAUTH flow

I am trying to use the OAUTH flow. 

I am using the AppKey as my AuthId.  

I am receiving this error:

errorCode" : "TokenInvalid",  "message" : "Unparseable access token", 


I have been posting to the restapi/oauth/authorize address both with and without credentials. WI am using my appkey and appsecret for credentials.

This is the content I am posting:

response_type=code&client_id=beFrA7oCT5uKbmD7Da3Xiw&redirect_uri=https%3A%2F% 2Floancraft.net&state=block


Any thoughts on why I am receiving this TokenInvalid message?



topic-default
1 |1000 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

benjamin-dean avatar image
benjamin-dean answered ·
It means the token you are presenting to the /restapi/oauth/authorize endpoint is not in a valid format.

Here are several examples of how to use Authorization Flow in a variety of languages:  https://github.com/grokify/ringcentral-demos-oauth
Also, make sure your application is set to use "Authorization Flow".

Which language are you developing with please?
Share
1 |1000 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Tyler Liu avatar image
Tyler Liu answered ·
You shouldn't post to /restapi/oauth/authorize, you should redirect user to that page instead. And user login RingCentral and authorize your app.   Ref:  https://github.com/ringcentral/ringcentral-csharp-client/blob/master/RingCentral/RestClient.cs#L144

Once user authorized your app, the page will be redirected to your own page, where you can get an autoCode and post to /restapi/oauth/token to get access_token.  Ref:  https://github.com/ringcentral/ringcentral-csharp-client/blob/master/RingCentral/RestClient.cs#L169
Share
1 |1000 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

paritosh-gupta avatar image
paritosh-gupta answered ·
Hello
I trying to use RingCentral in my app.
So I followed  http://ringcentral-api-docs.readthedocs.io/en/latest/oauth/#authorization-code-flow and I can login with RingCentral Login PopUp but popup doesn't close after login.
And Auth code is returned in PopUp Modal so I can't get the auth code in my app(main browser).
And then How can I get the access token from auth code?
I called the API( https://platform.devtest.ringcentral.com/restapi/oauth/token) with returned code but it says "error": "invalid_client".

please help me.
Share
1 |1000 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

ak avatar image
ak answered ·
Question: So I followed  http://ringcentral-api-docs.readthedocs.io/en/latest/oauth/#authorization-code-flow and I can login with RingCentral Login PopUp but popup doesn't close after login.

AK: Could you please post the redirect code that you are using? By that I mean the code where you have implemented the popup. 

Question: I called the API( https://platform.devtest.ringcentral.com/restapi/oauth/token) with returned code but it says "error": "invalid_client".

AK: Could you please make sure the HTTP request headers and the Body resemble the one given here:  Get Token


Steps to Authorize using the OAuth2.0 
  1. Redirect the user to the Login Popup Page and once you receive the authorization code you would be redirected to your Original Page.
  2. Use the Auth Code to exchange for tokens ( access token/refresh token )  Get Token

We have a sample demo which you could refer to for:

Share
1 |1000 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Anirban Sen Chowdhary avatar image
Anirban Sen Chowdhary answered ·

The Authorization Code Flow, also referred to as a "3-legged authorization flow," is the most recommended approach of authenticating RingCentral users and every public apps follow this process.

It exchange to code token with access token.

Here is complete official docs with steps helps user to follow and understand the process:

https://developers.ringcentral.com/guide/authentication/auth-code-flow

Sample request:

POST /restapi/oauth/token
Accept: application/json 
Content-Type: application/x-www-form-urlencoded 
Authorization: Basic cmVsLWFsbC1wZXJtaXNzaWXFjMmpRZmlQcnlkSUkweE92QQ==code=U0pDMTFQMDFQQVMwMXxBQUJfTVpHWk5lM29zNVFmWnNHQ01MSmJuMHJmNGlRcnRaeEptTWlPS0MzUTdYRDdSTURiaHBuWHZINGM2WTdqaWlBOEVhRHNxRWdJVUNYQjd4dmJsWHJoVVlWQVN2SFo2YWJPanJsRkFWZk9SMm5lek0tWnF5d3h8C3AnYOPxO0flEwO6Ffoq9Tlqs1s&grant_type=authorization_code&redirect_uri=https%3A%2F%2Fmyapp.acme.com%2Foauth2redirect              

Hope this will help

Share
1 |1000 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.