Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

It doesn't support authorization code flow #14

Closed
tylerlong opened this issue Feb 7, 2018 · 5 comments
Closed

It doesn't support authorization code flow #14

tylerlong opened this issue Feb 7, 2018 · 5 comments

Comments

@tylerlong
Copy link
Contributor

tylerlong commented Feb 7, 2018
edited by grokify

Only password flow is supported.

https://devcommunity.ringcentral.com/ringcentraldev/topics/glip-bot-with-python
@grokify
Copy link
Contributor

grokify commented Feb 7, 2018
edited

I agree this should be added.

For reference, here is a demo app using authorization code with the SDK.

https://github.com/ringcentral/ringcentral-demos-oauth/tree/master/python-bottle

@tylerlong
Copy link
Contributor Author

In other SDKs, such as Java, C#...etc. We provide two methods to facilitate authorization code flow:

authorize_uri(redirect_uri, state) method returns an uri so that user could be redirected to this uri to start the authorization code flow.

authorize(auth_code = None, redirect_uri = None) method exchanges the auth_code for token.

It is good if this SDK could provide these two methods. So users don't have to do everything from scratch.

@kirill-konshin
Copy link
Contributor

kirill-konshin commented Feb 8, 2018
edited

We have an escape latch for this: if you get the tokens you can set them directly via

sdk.platform().auth().set_data(data)

@grokify
Copy link
Contributor

grokify commented Mar 4, 2018
edited

Providing better support for OAuth 2.0 Authorization Code flow is important because it is RingCentral's required OAuth flow for public apps and for all (public & private) Glip bots using the new bot provisioner (as requested in the OP). For websites, Authorization Code flow is a server-based flow designed for languages like Python, e.g. using Django. RingCentral also uses it for Glip bots now.

As mentioned, this support is in RingCentral's other official SDKs, including JavaScript, C#, Java, etc. In JavaScript, the Authorization Code is designed for server-based apps such as Node.js / Express apps, similar to the Python / Django use case here. Here is a RingCentral tutorial for server-side JavaScript which uses the Auth Code support:

https://github.com/ringcentral-tutorials/oauth-nodejs-demo

Since it was mentioned in a side conversation, client-side JavaScript apps are meant to use Implicit Grant flow as per the OAuth 2.0 RFC:

https://tools.ietf.org/html/rfc6749#section-1.3.2

The implicit grant is a simplified authorization code flow optimized for clients implemented in a browser using a scripting language such as JavaScript.

Here is a RingCentral tutorial on using Implicit Grant:

https://github.com/ringcentral-tutorials/oauth-implicit-js-demo

In addition to the example Python / Bottle code I created and posted above using this SDK, built-in Python authorization code support similar to our other official SDKs is available in this community Python SDK for reference:

https://github.com/tylerlong/ringcentral-python

@grokify grokify mentioned this issue Mar 4, 2018
Closed
@kirill-konshin
Copy link
Contributor

Fixed in 0.7.8

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@grokify @tylerlong @kirill-konshin