Can't get token on new sandbox application

  • Problem
  • Updated 2 years ago
  • Not a Problem
I am adding new permissions to our app. Per previously asked questions, I saw that we should create a new app and use that before we merge the new permissions in. So, I created a new app. This app is identical to the old app except that it has a new key/secret. All usernames/extensions/passwords are the same.

THE PROBLEM:

When I send a /restapi/oauth/token request with the CURRENT encoded key/secret it works fine, BUT with the new encoded key/secret, I get the following:

{"error":"unauthorized_client","error_description":"Unauthorized for this grant type"}

Travis Carona


Posted 2 years ago


Benjamin Dean, Alum

What is the Platform Type of the newly created application please?

If it is anything other than "Server Only (No UI)" then what the error relates to is the fact that you must implement the Authorization Flow (3-Legged OAuth) for your application instead of the ROPC (Password Credentials Flow).

3-Legged OAuth (Authorization Flow) is implemented in multi-tenant applications, such as CRM integrations.

2-Legged OAuth (Password Credentials Flow) is implemented only in single-tenant (admin only) integrations, such as an account-wide call-log data archiving integration.

You can quickly determine which type of authentication your application needs to implement by:

1. Logging into the Developer Portal: https://developers.ringcentral.com
2. Find and open your application from within the "My Apps" page
3. Open the "Settings" section for your application
4. View "App Type & Platform" to see the settings for your application's Platform Type
5. View "OAuth Settings" to know which type of Authentication flow your app needs to implement (this is defined by the Platform Type)

For example, the screenshot below shows what a 3-Legged OAuth (Authorization Flow) type application might see in the Developer Portal...



Here are some helpful demos (in multiple languages) for implementing 3-Legged OAuth with RingCentral:
https://github.com/grokify/ringcentral-demos-oauth

Travis Carona

Ok, so did this change just recently? Because I used the same App/Platform Types in my Prod setup, but it was letting us use Password Flow. Please see the image below. Also, will our existing auth functionality need to change over as well? 



Travis Carona

Also, I failed to mention, the use of our application is in fact single tenant. We are looking to use the API as more of an omniscient admin view, if it makes a difference.

Benjamin Dean, Alum

This change was made since the creation of your first application (which was created back in January) to improve security of applications.

For applications which require an admin-role backend (without any UI, and capturing data from the RingCentral API which needs an admin role to obtain), I would create a new application that has the Platform Type set to "Server Only (No UI)". This type will give you the AuthN flow you have in your existing application code (should not require any changes to your existing auth code).
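
The two token requests discussed in this thread, and a check that separates "this app may not use this grant type" from "the key/secret is wrong", as an added example that is not code from the thread or from RingCentral. The form field names follow standard OAuth 2.0 (the extension field is an assumption based on the credentials mentioned above), and all credential values are constructed placeholders.

```python
import base64
import json
from urllib.parse import urlencode

TOKEN_PATH = "/restapi/oauth/token"  # endpoint named in the thread

def basic_auth(key: str, secret: str) -> str:
    """The 'encoded key/secret': base64 of 'key:secret' in a Basic header."""
    return "Basic " + base64.b64encode(f"{key}:{secret}".encode()).decode()

def token_request(key, secret, **form):
    """Return (headers, body) for a POST to TOKEN_PATH; nothing is sent."""
    headers = {
        "Authorization": basic_auth(key, secret),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    return headers, urlencode(form)

def password_grant(key, secret, username, extension, password):
    # 2-legged (ROPC): the app itself holds the user's password.
    # Field names are assumed, see the lead-in.
    return token_request(key, secret, grant_type="password",
                         username=username, extension=extension,
                         password=password)

def auth_code_grant(key, secret, code, redirect_uri):
    # 3-legged: the app only ever sees a short-lived code from the redirect.
    return token_request(key, secret, grant_type="authorization_code",
                         code=code, redirect_uri=redirect_uri)

def diagnose(response_text: str) -> str:
    """Map an OAuth 2.0 error body to the setting worth checking first."""
    try:
        err = json.loads(response_text).get("error")
    except (ValueError, AttributeError):
        return "unparseable response; inspect raw body"
    hints = {
        "unauthorized_client": "app is not allowed this grant type: "
                               "check Platform Type / OAuth Settings",
        "invalid_client": "key/secret rejected: check the Basic header "
                          "was built from the new app's credentials",
        "invalid_grant": "user credentials or authorization code rejected",
    }
    fallback = f"unhandled error: {err}" if err else "no error field"
    return hints.get(err, fallback)
```

Passing the error body quoted in the original question to diagnose() points at the app's Platform Type rather than at the key/secret, which matches the answer given above.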