ringcentral / ringcentral-python

RingCentral Connect Platform Python SDK
MIT License

It doesn't support authorization code flow #14

Closed tylerlong closed 6 years ago

tylerlong commented 6 years ago

Only password flow is supported.

https://devcommunity.ringcentral.com/ringcentraldev/topics/glip-bot-with-python

grokify commented 6 years ago

I agree this should be added.

For reference, here is a demo app using authorization code with the SDK.

https://github.com/ringcentral/ringcentral-demos-oauth/tree/master/python-bottle

tylerlong commented 6 years ago

In other SDKs, such as Java, C#, etc., we provide two methods to facilitate authorization code flow:

authorize_uri(redirect_uri, state) method returns a URI so that the user can be redirected to this URI to start the authorization code flow.

authorize(auth_code = None, redirect_uri = None) method exchanges the auth_code for a token.

It would be good if this SDK could provide these two methods, so users don't have to do everything from scratch.
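
An added example, not part of the thread and not the SDK's own code: the two steps named in the comment above, written with the Python standard library only, including the `state` check on the callback that protects the flow against login CSRF. `SERVER`, `AUTHORIZE_PATH`, `new_state`, `code_from_callback` and `token_request_fields` are hypothetical names, and the server host and endpoint path are assumptions; `authorize_uri` borrows the name from the comment but is not the SDK's implementation.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Assumed values for illustration only; not taken from the thread.
SERVER = "https://platform.example.test"
AUTHORIZE_PATH = "/restapi/oauth/authorize"  # assumed endpoint path


def new_state() -> str:
    """Unguessable per-login value; store it in the user's session."""
    return secrets.token_urlsafe(32)


def authorize_uri(client_id: str, redirect_uri: str, state: str) -> str:
    """Step 1: build the URI the user's browser is redirected to."""
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
    })
    return f"{SERVER}{AUTHORIZE_PATH}?{query}"


def code_from_callback(callback_url: str, session_state: str) -> str:
    """Validate the redirect back to the app and return the auth code."""
    params = parse_qs(urlsplit(callback_url).query)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    returned = params.get("state", [""])[0]
    # Constant-time compare. A missing or different state means this
    # callback was not started by the current session.
    ok = hmac.compare_digest(returned.encode(), session_state.encode())
    if not session_state or not ok:
        raise ValueError("state mismatch")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]


def token_request_fields(auth_code: str, redirect_uri: str) -> dict:
    """Step 2: form fields for the code-for-token exchange.
    redirect_uri must equal the one sent in step 1 (RFC 6749, 4.1.3)."""
    return {"grant_type": "authorization_code", "code": auth_code, "redirect_uri": redirect_uri}
```

The token request itself is sent server-side with the app's client credentials, so the client secret never reaches the browser.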

kirill-konshin commented 6 years ago

We have an escape hatch for this: if you get the tokens, you can set them directly via

sdk.platform().auth().set_data(data)

grokify commented 6 years ago

Providing better support for OAuth 2.0 Authorization Code flow is important because it is RingCentral's required OAuth flow for public apps and for all (public & private) Glip bots using the new bot provisioner (as requested in the OP). For websites, Authorization Code flow is a server-based flow designed for languages like Python, e.g. using Django. RingCentral also uses it for Glip bots now.

As mentioned, this support is in RingCentral's other official SDKs, including JavaScript, C#, Java, etc. In JavaScript, the Authorization Code is designed for server-based apps such as Node.js / Express apps, similar to the Python / Django use case here. Here is a RingCentral tutorial for server-side JavaScript which uses the Auth Code support:

https://github.com/ringcentral-tutorials/oauth-nodejs-demo

Since it was mentioned in a side conversation, client-side JavaScript apps are meant to use Implicit Grant flow as per the OAuth 2.0 RFC:

https://tools.ietf.org/html/rfc6749#section-1.3.2

The implicit grant is a simplified authorization code flow optimized for clients implemented in a browser using a scripting language such as JavaScript.

Here is a RingCentral tutorial on using Implicit Grant:

https://github.com/ringcentral-tutorials/oauth-implicit-js-demo

In addition to the example Python / Bottle code I created and posted above using this SDK, built-in Python authorization code support similar to our other official SDKs is available in this community Python SDK for reference:

https://github.com/tylerlong/ringcentral-python

kirill-konshin commented 6 years ago

Fixed in 0.7.8