Skip to content
Quick demos on how to use 3-legged OAuth with RingCentral REST API.
HTML C# PHP JavaScript Python Smarty Other
Branch: master
Clone or download
Pull request Compare This branch is 5 commits behind ringcentral:master.
Latest commit b11ce3d Nov 21, 2017
Type Name Latest commit message Commit time
Failed to load latest commit information.
_images Update screenshots for Unified Login (ringcentral#20) Nov 21, 2017
csharp-nancy Add demo for csharp-client project Aug 22, 2016
javascript update docs May 1, 2016
php 3Legged OAuth feature using platform methods (ringcentral#17) Dec 6, 2016
python-bottle update python May 1, 2016
ruby-sinatra Update Ruby demo (ringcentral#18) Jun 20, 2017
.gitattributes Add demo for CSharp Apr 27, 2016
.gitignore 3Legged OAuth feature using platform methods (ringcentral#17) Dec 6, 2016
LICENSE.txt initial commit Apr 24, 2016 Update screenshots for Unified Login (ringcentral#20) Nov 21, 2017

RingCentral OAuth Demos

Stack Overflow Chat

This project provides 3-legged OAuth demos using the OAuth 2.0 Authorization Code flow for the RingCentral REST API in various languages using official and community SDKs as described in the API Developer Guide.

The authorization code flow is useful for developers because developers have to do less work and the user is presented with a familiar user experience. It accomplishes these goals by redirecting to RingCentral to mange the authentication, authorization, reset password and single sign-on (SSO) flows using a consistent user experience.

The demos use the popup approach for 3-legged OAuth.

Demos are provided for:


From a development perspective, the application needs to make 2 HTTP requests:

  1. Request for Authorization Code: The application should open a window that is directed to the RingCentral authorization URL that will present the authentication and authorization flows. Upon completion, the window will redirect to the apps redirect URL (provided in the authorization URL or default if only 1 redirect URL is configured). An optional state parameter can be provided for additional security.
  2. Request for Access Token: When the window is redirected back successfully, it will include the following query string parameters: code for the authorization code and state for the state. Assuming the state matches, exchange the authorization code for an access_token with optional refresh_token.

The examples here show both of the two above steps and integrate with existing SDKs where available.

For a step-by-step guide, see the RingCentral API Developer Guide section on Authorization Code Flow.

Server-Side Web Apps

In server-side web app such as PHP, Rails, Django, etc. where the operations occur are slightly different. In these cases, the callback URL should process the callback to retrieve the authorization code and exchange it for an access token.

Page Description
Login page This is any page with a Login button. This page will open the popup and listen for the redirect, after which it will shut down the popup window. There's no need to do any client-side processing except to shutdown the popup and refresh the page.
Callback page The callback query string will be processed server-side. Nothing is needed client-side.

Client-Side Web Apps

Client-side web apps using JavaScript have a feature in that the callback URL does not need to contain any processing either on the client-side or the server-side. The entire flow can be managed by the parent JavaScript page that is initiating the login.

Page Description
Login page This is any page with a Login button. This page will open the popup and listen for the redirect. For client-side processing, this page will also retrieve the query string parameters from the callback page.
Callback page The minimum requirement is for the page to not be redirected to a URL without the redirect_uri since the parent window will poll for the redirect.


The following are example screenshots of the steps the user is presented with on a new login.

  1. email/phone number selection
  2. authentication and
  3. authorization

Email/Phone Number Selection





  1. Fork it (
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Add some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create new Pull Request
You can’t perform that action at this time.