Authorize URI for Different Users, Same Browser

  • 1
  • Question
  • Updated 2 months ago
I have integrated the RingCentral 3-legged OAuth flow in my application, but I am facing a problem. I am using the Official C# SDK.

1. UserA is asked to enter his credentials in a RingCentral branded pop-up window.
2. UserA is asked to Authorize the application.
3. UserA is authenticated.

4. When user logs out of my application, I call Platform.Logout().

5. UserB logs into my application, and initiate the Authorization flow, instead of going to step1 above, my user is taken to step2.


If I realize step 5 using a different browser, the user goes to step1 as expected. 

How can I "reset" that RingCentral authorization window, so it always ask for login/username ??

Thank you.
Photo of VanillaSoft .

VanillaSoft .

  • 80 Points 75 badge 2x thumb

Posted 2 years ago

  • 1
Photo of Anton Nikitin

Anton Nikitin, Official Rep

  • 2,894 Points 2k badge 2x thumb
You can try to delete browser cookies for *.ringcentral.com. It should help.
Can you do it programmatically after you call Logout?

Anton 
Photo of VanillaSoft .

VanillaSoft .

  • 80 Points 75 badge 2x thumb
Hi.

I don't think it is possible to delete cookies for a different domain.
Photo of Benjamin Dean

Benjamin Dean, Alum

  • 8,642 Points 5k badge 2x thumb
Are you destroying the session upon logout?
Photo of Shawn

Shawn

  • 80 Points 75 badge 2x thumb
Is there any update on this? It doesn't look like it's possible to clear cookies for a different domain as they said. BTW, this is the same issue as this: RingCentral 3-Legged OAuth Does Not Prompt For Login Every Time -- and there's no solution there yet either
Photo of Anton Nikitin

Anton Nikitin, Official Rep

  • 2,894 Points 2k badge 2x thumb
Shawn, there are the following options to solve this I assume.
  • To have an API which forces logout if there is an authenticated session so that next oauth/authorize call will show credentials prompt
  • To have a parameter in oauth/authorize call to force it showing credentials prompt regardless of authenticated session presence
  • To have UI option to confirm or logout current user as a part of regular oauth/authorize flow
Can you advise if you are looking for particular option or any of them will satisfy your needs?
Photo of Matt Spinks

Matt Spinks

  • 532 Points 500 badge 2x thumb
I'm trying to find a solution for the same issue. Any one of these options would do. Have any of these been implemented?
Photo of Anton Nikitin

Anton Nikitin, Official Rep

  • 2,854 Points 2k badge 2x thumb
We are working on implementation  to support such scenarios in a standard way. In the mean time try to use the following undocumented hack: add "force=true" parameter in query string when you call OAuth authorize. It will force logon screen to be shown every time.
Photo of Matt Spinks

Matt Spinks

  • 532 Points 500 badge 2x thumb
Thanks! I'll give it a shot.
Photo of Matt Spinks

Matt Spinks

  • 532 Points 500 badge 2x thumb
Using "force=true" in my param query did the trick. Thanks!