Articles

RingCentral APIs use OAuth 2.0 for authorization. But which grant flow is the best practice for client-side apps, such as desktop, mobile, and web apps (Single Page Apps)? The answer is authorization code with Proof Key for Code Exchange (PKCE). In this article, I will introduce the authorization code with PKCE flow and show you how to implement it in Single Page Apps.

Useful Links

  1. RingCentral APIs reference: Authorization in RingCentral APIs.
  2. IETF link: Proof Key for Code Exchange by OAuth Public Clients.

Authorization Code and Implicit Grant Flow

Authorization Code Grant Flow

The following diagram shows the full steps of the authorization code grant flow. A third-party app needs the RingCentral client ID and client secret to exchange and refresh the access token. The third-party app stays authorized as long as it refreshes the RingCentral access token before the refresh token expires, and it gets a new refresh token and access token each time it refreshes.

Article source: DZone

Recently I was looking for a way to implement access control for microservices. I needed a solution that would allow defining complex authorization rules that could be enforced across many services. After searching the web, I discovered the very promising Open Policy Agent project, which seems to be the right tool for the job. In this series of three blog posts, I am going to introduce Open Policy Agent to you and highlight how it can help you.

What Is Open Policy Agent?

Open Policy Agent (OPA) is a policy engine that can be used to implement fine-grained access control for your application. For example, you can use OPA to implement authorization across microservices. However, there is much more that can be accomplished with OPA.

Article source: DZone