OAuth2 Authorization Flow Issue

  • 1
  • Problem
  • Updated 3 years ago

I am trying to use a three-legged authorization flow to authenticate a user in my application. However, I am having an issue in the first step, requesting an authorization code:

I try to make a POST request to https://platform.devtest.ringcentral.com/restapi/oauth/authorize with response_type: code, client_id: APP_KEY, and redirect_uri: URL and I get a 405, method not supported.

What am I doing wrong?
Photo of Yash Patel

Yash Patel

  • 122 Points 100 badge 2x thumb
  • frustrated

Posted 3 years ago

  • 1
Photo of John Wang

John Wang, Official Rep

  • 5,826 Points 5k badge 2x thumb
For the Authorization Code, flow, the user's browser must be redirected to the authorize URI. You should not POST to the URI either in your backend server code or in your browser code.

What language are you using?

We have demo apps in multiple languages here:


Demos are available in C#, JavaScript (client and server-side), PHP, Python, and Ruby.

In the demos, the URL is generated by the SDK or the example code, and loaded into client-side JavaScript which opens a new window to the authorize URL. You can see an example of this here:

Photo of Anton Nikitin

Anton Nikitin, Official Rep

  • 3,024 Points 3k badge 2x thumb
According to OAuth 2.0 spec you should use GET method, not POST. I believe this is the reason of the error you are getting. But I agree with John, you should try out our SDK if you find one for your language.
Photo of Yash Patel

Yash Patel

  • 122 Points 100 badge 2x thumb
The demo was really helpful for a sample on how to implement using JavaScript... HOWEVER, in the demo, I am able to log in successfully and after I click the authorize button, I receive a "DOMException: Blocked a frame with origin ""; from accessing a cross-origin frame" message in the console window and the popup window stays open... 

What is going on here? The expected result would be to see the access token in the original window. Any solutions?
Photo of AK

AK, Official Rep

  • 4,412 Points 4k badge 2x thumb
The "DOMException: Blocked a frame with origin ""; from accessing a cross-origin frame" is due to the Same-origin security policy.

As the original window is trying to access the popup window which is enabled in a different origin ( https )

You are right. The moment you provide your credentials on the popup window, the token information  would be passed to the original window in the Demo app. However, if the popup window stays open, I would make sure to see the Line 38 and Line 42 is not commented within index.html

If you wish to preview the Demo using TLS option, kindly take a look at the javascript-express folder.