Randomly getting OAU-142 - "Login to account in current state is not allowed" on token refresh

  • Problem
  • Updated 4 months ago
We have several clients that are utilizing RingCentral integration with our application. We refresh the OAuthToken using the RefreshToken once we see that the OAuthToken has expired (past its expiry date).

This seems to all work well and good for days, weeks, even months but sometimes the refresh process fails with the following error:

"error" : "invalid_grant",
"error_description" : "Login to account in current state is not allowed",
"errors" : [
    { "errorCode" : "OAU-142", "message" : "Login to account in current state is not allowed" }
]

My question is: what causes this error? I wish we could just ignore it and try to refresh again, but all subsequent refreshes fail with the error 'Token not found' because the old refresh token is invalidated. This means the clients need to re-authorize their credentials.

My question is what causes this initial "Login to account in current state is not allowed" error? And what can we do to prevent it?

Thank you.

Hunter Steele

Posted 4 months ago
Embbnux Ji, Employee
Hi, Hunter. Can you show how you get the token? The token refresh flow only works for tokens created by the authorization code flow and the password flow grant.

Thanks
Hunter Steele
We use 'authorization code flow'.
A request is made to your authorization page, and an auth code is redirected to our servers, which then request a token.

We followed the instructions from here:
http://ringcentral-api-docs.readthedocs.io/en/latest/oauth/#authorization-code-flow

As I said, this works fine and the token is refreshed correctly numerous times.
Anton Nikitin, Official Rep
Hunter,

It happens if the customer account or extension state is changed so that the backend can no longer allow this user to log in. In reality it may correspond to one of the following situations:

* Customer account is cancelled
* Customer account is disabled
* Customer account is suspended because of inability to charge credit card on file
* User extension is disabled by administrator

The client app cannot do anything to prevent it; it is out of its control. The only thing which can and should be done is to properly handle such a condition: show the login form again. Once the end user tries to log in again, they will (most likely) be informed of what is causing the inability to sign in.
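The handling Anton describes, written out as an added Python example (not code from the thread or from RingCentral). It treats an invalid_grant response such as OAU-142 as a permanent failure for that refresh token: the session is flagged for re-authorization and the token endpoint is not called again with the dead token, which the original post says would only yield 'Token not found'. Rate limiting and server errors are treated as transient, so the existing refresh token is kept for a later retry. The transport is a constructed stand-in for the real HTTPS call so the example runs offline; the OAU-142 body is the one quoted above, while the shape of the 'Token not found' response, the TokenSet, ClientSession and Transport names, and the status codes chosen as transient are assumptions of this example.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

# The error body quoted in the thread, reproduced as a constructed sample.
SAMPLE_OAU_142 = {
    "error": "invalid_grant",
    "error_description": "Login to account in current state is not allowed",
    "errors": [
        {"errorCode": "OAU-142",
         "message": "Login to account in current state is not allowed"}
    ],
}

# A transport sends the form fields of a token request and returns
# (http_status, decoded_json_body). The fake at the bottom replaces the
# real HTTPS call so this runs offline. (Assumed name, not a RingCentral API.)
Transport = Callable[[Dict[str, str]], Tuple[int, dict]]


class ReauthorizationRequired(Exception):
    """The refresh token is no longer usable; the user must log in again."""


class TransientRefreshError(Exception):
    """The refresh may be retried later with the same refresh token."""


@dataclass
class TokenSet:
    access_token: str
    refresh_token: str


def ringcentral_error_codes(body: dict) -> List[str]:
    """Collect the errorCode values from a token endpoint error body."""
    return [e["errorCode"] for e in body.get("errors", [])
            if isinstance(e, dict) and "errorCode" in e]


def refresh_tokens(tokens: TokenSet, post: Transport) -> TokenSet:
    """Exchange the refresh token exactly once and classify any failure."""
    status, body = post({"grant_type": "refresh_token",
                         "refresh_token": tokens.refresh_token})
    if status == 200 and "access_token" in body:
        # Keep the newest refresh token if the server rotated it.
        return TokenSet(body["access_token"],
                        body.get("refresh_token", tokens.refresh_token))
    if body.get("error") == "invalid_grant":
        # Covers OAU-142 and the "Token not found" that follows once the
        # old refresh token is invalidated: retrying with it cannot help.
        raise ReauthorizationRequired(
            f"{body.get('error_description')} codes={ringcentral_error_codes(body)}")
    if status == 429 or status >= 500:
        # Assumed transient: rate limiting or server trouble, token still good.
        raise TransientRefreshError(f"HTTP {status}")
    raise ReauthorizationRequired(f"unexpected token response: HTTP {status} {body}")


@dataclass
class ClientSession:
    """Per-customer token state kept by the integrating application."""
    tokens: Optional[TokenSet]
    needs_reauthorization: bool = False
    audit: List[str] = field(default_factory=list)

    def ensure_fresh(self, post: Transport) -> Optional[TokenSet]:
        # After a permanent failure, never hit the endpoint with the dead token.
        if self.needs_reauthorization or self.tokens is None:
            return None
        try:
            self.tokens = refresh_tokens(self.tokens, post)
            return self.tokens
        except ReauthorizationRequired as exc:
            self.audit.append(f"re-authorization required: {exc}")
            self.tokens = None                  # drop the dead token pair
            self.needs_reauthorization = True   # UI shows the login form again
            return None
        except TransientRefreshError as exc:
            self.audit.append(f"transient refresh failure, will retry: {exc}")
            return self.tokens                  # keep the existing tokens


def make_fake_transport(calls: List[dict]) -> Transport:
    """Constructed token endpoint: the first refresh answers OAU-142, any
    later refresh with the same token answers "Token not found"."""
    def post(form: Dict[str, str]) -> Tuple[int, dict]:
        calls.append(dict(form))
        if len(calls) == 1:
            return 400, SAMPLE_OAU_142
        return 400, {"error": "invalid_grant",
                     "error_description": "Token not found"}  # assumed shape
    return post


def demo() -> Tuple[bool, int]:
    """Attempt two refreshes; return (needs_reauthorization, endpoint_calls)."""
    calls: List[dict] = []
    session = ClientSession(TokenSet("old-access", "old-refresh"))
    post = make_fake_transport(calls)
    session.ensure_fresh(post)   # OAU-142: flagged for re-authorization
    session.ensure_fresh(post)   # short-circuits, no second endpoint call
    return session.needs_reauthorization, len(calls)


if __name__ == "__main__":
    print(demo())  # (True, 1)
```

The audit entries are what an operator would want in the application log: one line naming the errorCode at the moment the customer was flagged, so a wave of OAU-142 entries across accounts can be distinguished from a single customer whose subscription lapsed.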