question

Shanon Hart avatar image
Shanon Hart asked Phong Vu commented

Converting from password to JWT using API app - Unauthorized for this grant type

Although clearly this has been out there for some time, we weren't aware of the JWT requirements, so we have been trying in the last day to get this working for our client. We don't have our own RC account, and since it seems that the ability to send SMS has been removed, we can't try it on our own account. We are able to authenticate with JWT, just can't actually send an SMS message because the feature isn't available. We had the client create a new JWT application for production so that we wouldnt impact the existing password based application, but we can't even get that one to give an access token - we just get "Unauthorized for this grant type,Invalid Authorization header".

I've seen other posts suggesting that it can take some time, but it's been over 3 hours and we still can't get it to work. What other options might we have to troubleshoot this? If it helps, the clientid is aIQTZJnTatBbK49Tq5ioNd. Appreciate any tips or suggestions.

authentication
1 |3000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

3 Answers

Phong Vu avatar image
Phong Vu answered

I think you have 2 different apps and 2 different issues here.

The app name "Loglink Texting" (aIQTZJnTatBbK49Tq5ioNd) is a private app under your account which is a free-tier sandbox account. Since you don't have an associated production account, you cannot test your app in the production invironment (no production user), nor in your sandbox invironment (no longer supported SMS). So this app is not really useful.

Your customer who has a RingCentral production account cannot use the "Loglink Texting" app because the app is a private app to your sandbox account.

For this error "Unauthorized for this grant type, Invalid Authorization header". I assume that you try to authenticate your customer with their JWT token, but I don't know the app so I cannot check. Also you don't tell me how you use the JWT to get the access token so I don't know what could be wrong. Post the code (take off the real sensitive data) around your app authentication so I can help checking it.

1 |3000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Shanon Hart avatar image
Shanon Hart answered Phong Vu commented

Thanks Phong, but no, they have a private app that they created that we're trying to help them with, it's not our app; we created ours just to be able to test the authentication, which works fine for us in the sandbox environment, we just can't send a text to fully test it.

Since authentication works on our sandbox account, it shouldn't be code related. They have a private production app that is password based, and a new private app that we had them create for SMS and webhooks that is JWT. But whenever we try to authenticate with JWT for them on their new private app in production (just to be clear, it is using the appropriate values for their app, in terms of clientid/jwt/etc), it gives us the unauthorized message. Again though, the same code works fine for authenticating on our sandbox account; this sandbox app is useful in that we wanted to test that it works in general before having them set up a new app. I don't know if it's because they have 2 private apps, one that is now password based and one that is JWT based, or if there's something specific about this new one that is not allowing us to connect via JWT. We can certainly change the auth for the existing one, but if it doesn't work it will then break what is existing in production, which is why we had them create a new one. If it's possible to set up their existing one so it can work for either behind the scenes (we couldn't find a way to do that), then I could have them submit a ticket for that if that's the issue.

We're just sending it via API, so just like this curl:

curl --location 'https://platform.ringcentral.com/restapi/oauth/token' \--header 'Content-Type: application/x-www-form-urlencoded' \--header 'Authorization: Basic xxxxxxx' \--data-urlencode 'grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer' \--data-urlencode 'assertion=eyJraWQiOiI4NzYyZxxxxxxx'


Again, thanks for your help.

1 comment
1 |3000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Phong Vu avatar image Phong Vu ♦♦ commented ·

It's safe to share their production app client id here. If I have the app client if, I can have a look at the app settings.

0 Likes 0 ·
Shanon Hart avatar image
Shanon Hart answered Phong Vu commented

That would be great, thank you! It's LVlfwBLzRsmMotDvPHvISA

1 comment
1 |3000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Phong Vu avatar image Phong Vu ♦♦ commented ·

Your customer app was still set password flow and that was the root cause of the problem. I changed the auth flow to JWT token. Give it an hour or so and try again.

Let me know if you still face problem.

0 Likes 0 ·

Developer sandbox tools

Using the RingCentral Phone for Desktop, you can dial or receive test calls, send and receive test SMS or Fax messages in your sandbox environment.

Download RingCentral Phone for Desktop:

Tip: switch to the "sandbox mode" before logging in the app:

  • On MacOS: press "fn + command + f2" keys
  • On Windows: press "Ctrl + F2" keys