How can I implement SingleSignOn when connecting to RingCenral using ringcentral-csharp-client SDK?

  • 1
  • Question
  • Updated 4 months ago
How can I implement SingleSignOn when connecting to RingCenral using ringcentral-csharp-client SDK? We have an inhouse application which instantiates RCclient, in this stage of development we are connecting using main account credentials. Unfortunately we are running into API limits since the app may have many instances (up to 100) for each of our users.

We do not want to ask for RC credentials as we already have SingleSingOn using Office365 working.

Is there a way to make this work with RC connection programmatically?
Photo of Adam Antoszewski

Adam Antoszewski

  • 300 Points 250 badge 2x thumb

Posted 4 months ago

  • 1
Photo of Tyler Long

Tyler Long, Official Rep

  • 8,152 Points 5k badge 2x thumb
Hi Adam, I don't quite understand what you want to do here.

Is SingleSignOn a solution for the rate limit issue?  I don't think so. No matter how you sign on, you will have rate limit issue as long as you make too fast requests.

At if all your 100 instance share the same RC credentials, only 5 of them could have active access token at a time. That's a limitation of RC Rest API.
Photo of Adam Antoszewski

Adam Antoszewski

  • 300 Points 250 badge 2x thumb
Our users sign in to the app using SingleSignOn. So we would like create a session with RC under their credentials (phoneNumber and password are used by ringcentral-csharp-client) in order to stay within the limits of tokens and APIs.
We don't want to ask users for their RC credentials.
Photo of Phong Vu

Phong Vu, Devangelist

  • 3,102 Points 3k badge 2x thumb
Hi Adam,

Please read this article as it would guide you to setup SSO for your account users.
https://success.ringcentral.com/articles/en_US/RC_Knowledge_Article/1149

Your frontend app (c# or what ever) will need to implement 3-legged authentication in order to login with SSO.

Hope this helps,
+ Phong
(Edited)
Photo of Adam Antoszewski

Adam Antoszewski

  • 300 Points 250 badge 2x thumb
Our company has implemented SSO for RingCentral access. I also have a test application working with ringcentral-demos-oauth project which redirects to https://service.ringcentral.com.
User then logs in via SSO, but how do I get the token back?
Photo of Adam Antoszewski

Adam Antoszewski

  • 300 Points 250 badge 2x thumb
Also, getting this error when running ringcentral-client-oauth project with "Blocked a frame with origin "http://localhost:8080"; from accessing a cross-origin frame." when expecting token to come back from https://service.ringcentral.com after successful SSO.
Photo of Tony Li

Tony Li

  • 60 Points
In order to do the 3-legged OAuth login flow, you will need to bring up a pop-up browser window and set the 3-legged OAuth URL there. For the security reason, the 3-legged OAuth flow should never happen inside an iframe, which has been explicitly blocked by x-frame-options. It's very similar to the login flow when you try to login this devcommunity.ringcentral.com app with Google ID, you will see the Google login page is brought up in a pop-up instead of being rendered in an iframe.

The above behavior will be enforced in the new version of login page, so for now, embedding "https://service.ringcentral.com" in an iframe will still work.

The problem you encountered with the error - "Blocked a frame with origin "http://localhost:8080"; from accessing a cross-origin frame." - might be the inconsistency of protocol, where your main page is using "http", but iframe is using "https".
(Edited)
Photo of Corey Tenney

Corey Tenney

  • 302 Points 250 badge 2x thumb
Adam, did you ever get an answer.  We have a HUGE problem with this because we want to automate the download of call logs into the datawarehouse, but can obviously not use SSO since someone would have to "click" to make this happen.

Corey
Photo of Adam Antoszewski

Adam Antoszewski

  • 300 Points 250 badge 2x thumb
I ended up going with a different solution, as even the SSO required the credentials then storing them locally for what our application needs. Instead of using one admin set of credentials and executing all API calls under it, then possibly running into the limits; we have 4 sets. These are the admins of our RC system. I monitor the API usage per minute, then when we get close to the limit, we switch to a new connection under another set of credentials in round-robin fashion. This is working fine as it rarely happens in peak times. Also, when we first connect to RingCentral, we cache all users and userPresence as reference of extension id's. We use this for processing of incoming event notifications.
Also, ringcentral-csharp-client is going to be extended soon to include values from the header. The header holds number of available API calls, so it will simplify some of my logic as I keep track of it now.