question

Smit Shah avatar image
Smit Shah asked Byrne Reese answered

In Public app how we resolve Error OAU-251 Unauthorized for this grant type

We make use of your call log API and Send SMS API, as well as WebRTC browser calling.

For Call log & Send SMS API we have console app and for WebRTC Browser calling we have Web project.

We first established App1 and set up a private app with passwords flow and it worked, but we need to transfer this app into production and we can't figure out how to do it.

We don't require a private app, so we make a public one. Because password flow isn't possible in public app, we use a "3-legged OAuth flow authorization code," or " JWT auth flow" but the API isn't called, and an error is returned like .

We use your JS for WebRTC browser calling as well, but when I login, the same error appears. Our second issue is that we need to authenticate for WebRTC calling, but we can't use a second app client/Secret Id.

Our third worry is how we safeguard client id and secret id, password, and other sensitive information when we use WebRTC login or bypass this, because your entire code is written in JS and is visible in inspect.

PFA, for better clarity in integrations, code sandbox, platform, and other areas.

Anticipation for your cooperation. We are waiting for your response.

Response

 StatusCode: 400, ReasonPhrase: 'Bad Request', Version: 1.1, Content: System.Net.Http.StreamContent, 
 HTTP Headers: 
 {
 Connection: keep-alive
 Vary: Origin
 Vary: Access-Control-Request-Method
 Vary: Access-Control-Request-Headers
 RCRequestId: 69b22dec-9b72-11ec-aa86-005056bb915a
 Pragma: no-cache
 AceRoutingKey: sjc11-c01-ace01-7455cc4c98-d5rcm_10.24.109.20
 RoutingKey: SJC11P01
 Cache-Control: no-store
 Date: Fri, 04 Mar 2022 04:20:24 GMT
 Server: nginx
 Content-Length: 201
 Content-Language: en
 Content-Type: application/json
 }
    
 Content: {
   "error" : "unauthorized_client",
   "errors" : [ {
     "errorCode" : "OAU-251",
     "message" : "Unauthorized for this grant type"
   } ],
   "error_description" : "Unauthorized for this grant type"
 }

Request

 Method: POST, RequestUri: 'https://platform.devtest.ringcentral.com/restapi/oauth/token', Version: 1.1, Content: System.Net.Http.FormUrlEncodedContent, Headers:
    
 {
 X-User-Agent: Unknown/0.0.1 RingCentral.Net/5.13.0
 Authorization: Basic TnZodDFpaEdRWUd5QlhrY0lJaldqQTp2T2s2NnRkbVFheWxvcjNVNVk5RDBnZ2tjcnlwUHFTMXV5aUZDV0NaRGMwQQ==
 Content-Type: application/x-www-form-urlencoded
 Content-Length: 79
 }
    
 Content: <content has been disposed by HttpClient: https://github.com/dotnet/corefx/issues/1794>
ringcentral appsms and text messagingcall logs
2 comments
1 |3000

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Byrne Reese avatar image Byrne Reese ♦♦ commented ·

Clarifying question: help me understand why you need two different client IDs, and be sure to articulate what each client ID is responsible for functionally within your solution.

0 Likes 0 ·
Byrne Reese avatar image Byrne Reese ♦♦ commented ·

Send me a link to the JS SDK you are using so that I can see if it supports JWT auth. Please also include a code snippet of how you are passing auth credentials to this SDK.

0 Likes 0 ·

1 Answer

Byrne Reese avatar image
Byrne Reese answered

There is a lot to unpack here. So let's work through issues one at a time.

"Unauthorized for this grant type" error

There are multiple circumstances when this can occur. It is possible you are trying to pass credentials that are not compatible with the declared and/or authorized grant type.

For example, you may be trying to perform JWT auth, but your app may be configured for a different auth method. Or vice-versa. By default, apps can only be configured for one auth methodology. On the backend, we have the power to expand that if need be, but you should at least be aware of that limitation.

Another possible explanation is in the SDK itself - it may not yet support JWT authentication.

Our third worry is how we safeguard client id and secret id, password, and other sensitive information when we use WebRTC login or bypass this, because your entire code is written in JS and is visible in inspect.

You should be used the auth code flow with PKCE (pronounced "pixie") support. That is the recommended way to help protect your client ID and secret. It is indeed the recommended approach for all classic OAuth flows to be honest as it is far and away much more secure and resilient against replay and man-in-the-middle attacks.

1 |3000

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Developer sandbox tools

Using the RingCentral Phone for Desktop, you can dial or receive test calls, send and receive test SMS or Fax messages in your sandbox environment.

Download RingCentral Phone for Desktop:

Tip: switch to the "sandbox mode" before logging in the app:

  • On MacOS: press "fn + command + f2" keys
  • On Windows: press "Ctrl + F2" keys