Robert

Reputation: 3483

RingCentral Auth Token Failed in Curl Call - "Unauthorized for this grant type"

I am trying to get an auth token from the RingCentral auth token /restapi/oauth/token endpoint with cURL but it fails with the error:

400 Bad Request

{
    "error": "unauthorized_client",
    "error_description": "Unauthorized for this grant type",
    "errors": [
        {
            "errorCode": "OAU-251",
            "message": "Unauthorized for this grant type"
        }
    ]
}

This is what I have tried:

curl -X POST "https://platform.devtest.ringcentral.com/restapi/oauth/token" \
-H "Accept: application/json" \
-H "Content-Type: application/x-www-form-urlencoded" \
-u "clientId:clientpassword" \
-d "username=username&password=password&extension=101&grant_type=password"

Upvotes: 3

Views: 3572

Answers (1)

Grokify

Reputation: 16354

OAuth 2.0 Password Flow

You're making an OAuth 2.0 request using the OAuth 2.0 password grant (grant_type=password), also known as "Password flow" in the RingCentral Developer Portal and formally as the "Resource Owner Password Credentials" grant in the OAuth 2.0 IETF RFC 6749 standard.

In order to use the password flow, your application must support the Password flow Authorization Type as shown in the screenshots below.

To use this flow, your app needs to fulfill two criteria:

  • Be able to protect the client secret: application credentials include a client id and a client secret. For the password flow, the client secret must be protected from end users, e.g. on a secure server app. It cannot be used with a browser-only client-side app because end-users would be able to inspect and retrieve the client secret.
  • Be a private app: the password flow requires the app owner to have access to the resource owner's (aka end user) password. Because of this, it can only be used with private apps where the app owner and the resource owner are in the same organization. It is not supported for public apps because passwords should not be made available to app developers.

To use this grant type, you need to make sure your app is configured to have the Password flow grant in the RingCentral Developer Portal as shown below:

Create App Wizard

When creating an app, make sure "Password flow" is selected. Your options are based on the "Application type" and "Platform type" for your app, which in turn are related to the security specifications of your app.

RingCentral Password Flow Create App Wizard

Here is an animated GIF showing various app to OAuth grant settings.

App Settings Page

To verify an existing app has "Password flow" enabled, go to the app's "Settings" page's "OAuth Settings" section and verify Password flow is present.

RingCentral Password Flow App Settings Page

Here's some information on the password grant in IETF RFC 6749:

https://www.rfc-editor.org/rfc/rfc6749#section-1.3.3

Upvotes: 3
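
An added example, not part of the answer above and not RingCentral's code: a client-side check that builds the same password-grant request as the question's cURL call and maps the token endpoint's error response to the setting worth checking, using the error codes defined in RFC 6749 section 5.2. The `RC_*` environment variable names and the hint wording are assumptions made for this example; the sample body is the one quoted in the question.

```python
import base64
import json
import os
import urllib.parse
import urllib.request

TOKEN_URL = "https://platform.devtest.ringcentral.com/restapi/oauth/token"  # from the question

# OAuth 2.0 token-endpoint error codes (RFC 6749 section 5.2) and what to check.
REMEDIES = {
    "unauthorized_client": "grant type not enabled for this app; check its OAuth settings",
    "unsupported_grant_type": "server does not support this grant_type value",
    "invalid_client": "client authentication failed; check client id and secret",
    "invalid_grant": "user credentials rejected; check username, extension, password",
    "invalid_request": "malformed request; check parameters and Content-Type",
    "invalid_scope": "requested scope is invalid or exceeds what the app may use",
}

def build_password_grant_request(env=os.environ):
    """Build (but do not send) the request; secrets come from env, not argv."""
    # RC_* variable names are assumptions made for this example.
    pair = f"{env['RC_CLIENT_ID']}:{env['RC_CLIENT_SECRET']}".encode()
    form = {"grant_type": "password", "username": env["RC_USERNAME"],
            "extension": env.get("RC_EXTENSION", ""), "password": env["RC_PASSWORD"]}
    return urllib.request.Request(
        TOKEN_URL, data=urllib.parse.urlencode(form).encode(), method="POST",
        headers={"Authorization": "Basic " + base64.b64encode(pair).decode(),
                 "Accept": "application/json",
                 "Content-Type": "application/x-www-form-urlencoded"})

def diagnose(status, body_text):
    """Map a token-endpoint error response to the setting worth checking."""
    try:
        doc = json.loads(body_text)
    except ValueError:
        return f"HTTP {status}: non-JSON body"
    if not isinstance(doc, dict):
        return f"HTTP {status}: unexpected JSON body"
    errs = doc.get("errors") if isinstance(doc.get("errors"), list) else []
    codes = [e.get("errorCode") for e in errs if isinstance(e, dict)]
    error = doc.get("error", "")
    hint = REMEDIES.get(error, "unrecognized error code")
    return f"HTTP {status} {error} {codes}: {hint}"

# Constructed sample: the error body quoted in the question.
SAMPLE = ('{"error": "unauthorized_client", "error_description": "Unauthorized for '
          'this grant type", "errors": [{"errorCode": "OAU-251", '
          '"message": "Unauthorized for this grant type"}]}')

if __name__ == "__main__":
    print(diagnose(400, SAMPLE))
```

Keeping the secret in the environment of a server-side process, rather than in a `-u` argument, also keeps it out of shell history and process listings.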
